[squid-users] ICAP and 403 Encapsulated answers (SSL denied domains)
FredB
numsys at free.fr
Mon Jan 21 10:35:55 UTC 2019
Hello all,
I'm playing with Squid4 and e2guardian as ICAP server.
I'm seeing something I misunderstand, when a SSL website is blocked
e2guardian returns a encapsulated "HTTP/1.1 403 Forbidden" header this
part seems good to me with an encrypted website a denied or redirection
page can't be added
But unfortunately Squid adds a "Connection: keep-alive" header and if I
just reload the page I'm waiting a timeout a long moment, (and there is
no ICAP request between squid and e2) it's like the previous connection
still opened.
So the first request is well denied, but the second is without answer
I tried to add "Connection: close" in encapsulated header from
e2guardian without more success, but anyway "Connection: close" value is
removed by squid
I'm doing something wrong ? This wastes connections and from user point
of view the proxy is (very) slow, for example with ADS filtering some
websites freezes
FI the request is well denied in squid and E2 logs
Maybe this is a bug, but I don't known if the issue is from Squid or E2
? What is the correct response from an ICAP server with a denied SSL
website request ?
Thank you
Fred
More information about the squid-users
mailing list