[squid-users] ACL in custom error page

Eliezer Croitoru eliezer at ngtech.co.il
Wed Mar 14 06:13:27 UTC 2018 

And another one:
5) If you are using a deny_info configuration for a specific acl and you are redirecting to a url instead of squid inernal error page you can add some query term that will be used as a marker to the acl.

Example of usage:
acl blacklist-acl dstdomain block-test.org
deny_info http://<SOME SERVER NAME OR IP>/block_page/?url=%u&domain=%H&acl= blacklist-acl blacklist-acl

acl localnet src 192.168.0.0/16

http_access deny ! blacklist-acl
http_access allow localnet

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Alex Rousskov
Sent: Wednesday, March 14, 2018 04:33
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] ACL in custom error page

On 03/13/2018 06:08 PM, Amos Jeffries wrote:
> On 14/03/18 05:46, Eduardo Carneiro wrote:
>> Hello everyone!
>>
>> Is there any way to display, in my custom error pages, the acl that denied
>> access?
> 
> Two things:
> 
>  1) There is no single ACL that denied Access. There is always an entire
> sequence of checks.
> 
> 2) The error page template code has not yet been updated to support
> generic logformat codes which do have a code for the last ACL that was
> tested (note that this may have been the one which _allowed logging_).

And two more:

3) We are working to support major logformat %codes in error pages. The
patches are going through internal review cycles right now.

4) In modern Squids, the best way to log access denial (and similar)
decisions is often via ACL-triggered annotations (rather than the old
"the last ACL touched by somebody" hack). See annotate_transaction in
squid.conf.documented. The corresponding %note logformat code should be
available in error page templates as the result of (3).


Cheers,

Alex.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list