[squid-users] Disable 302 redirect in squid, but only to http://eais.rkn.gov.ru

Igor Rylov igoryonya at yahoo.com
Wed Sep 11 19:45:33 UTC 2019

It is known, that RosComNadzor is blocking certain domains/IPs.Often it is bloking by rewriting url in place, i.e., when I try to access http(s)://blocked.domain, it changes in the location bar of the browser to http://eais.rkn.gov.ru (RosComNadzor's bloking page) in place, i.e. no ability to click the back button to see which url was blocked. RosComNadzor's blocking page has no mention of what url was blocked either. When I try to use Firefox'es or Chrom(e|ium)'s Developer Tools's Network section on blocked page to see, if I can find out what page was blocked by looking at Referer param of the HTTP header, it's already too late, because those Network sections don't show anything, because they were not started in advance, before the page was blocked. I have to reload the page, in order to see something in that networking section, but I would be reloading http://eais.rkn.gov.ru page already, not the required url and http://eais.rkn.gov.ru doesn't show any Referer in HTTP header, because, it's reloaded in place, and did not come from some other page. It's frustrating, because, when you have many tabs open, you have no way of knowing, which url's were blocked and no way of recovering the blocked address. squid's access log doesn't help either, because you can't tell for certain, that the log entry, previous to log entry with http://eais.rkn.gov.ru address belongs to the same tab of the browser.

I've found out, one of the urls, that is being blocked, because it happened in front of my eyes, so I've tested it with:$ curl -v 'http://blocked.domain/'
I got the dump:---DUMP START---
*   Trying
* Connected to ( port 3128 (#0)
> GET http://blocked.domain/ HTTP/1.1> Host: blocked.domain> User-Agent: curl/7.47.0
> Accept: */*
> Proxy-Connection: Keep-Alive
< HTTP/1.1 302 Found
< Date: Wed, 11 Sep 2019 08:48:44 GMT
< Content-Length: 205
< Location: http://eais.rkn.gov.ru
< Content-Type: text/html; charset=UTF-8
< X-Cache: MISS from ls02800008008u
< X-Cache-Lookup: MISS from ls02800008008u:3128
< X-Cache: MISS from ws02800008006
< X-Cache-Lookup: MISS from ws02800008006:3128
< X-Cache: MISS from cooldown-nb
< X-Cache-Lookup: MISS from cooldown-nb:3128
< Via: 1.1 ls02800008008u (squid/3.5.12), 1.1 ws02800008006 (squid/3.5.27), 1.1 cooldown-nb (squid/3.5.12)
< Connection: keep-alive
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<H1>302 Found</H1>
The document has moved
<A HREF="http://eais.rkn.gov.ru">here</A>
* Connection #0 to host left intact---DUMP END---

So, there is a 302 redirect, that happens automatically:Location: http://eais.rkn.gov.ru

How do I disable 302 redirect in squid, but only to http://eais.rkn.gov.ru address, so, in browser I see that page is blocked, but at least, I don't loose the information of what page is blocked, because it's not automatically redirected to http://eais.rkn.gov.ru and the location in the browser showing the original url?
After I've wrote my question, I thought, if it's possible to to do it with:
acl sites_blocking_redirect url_regex eais\.rkn\.gov\.ru
reply_header_access Location deny sites_blocking_redirect
Is it a workable or the correct way to do it, so it solves my problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190911/2b17ee16/attachment.html>

More information about the squid-users mailing list