[squid-users] Disable 302 redirect in squid, but only to http://eais.rkn.gov.ru

Amos Jeffries squid3 at treenet.co.nz
Thu Sep 12 05:25:08 UTC 2019


On 12/09/19 7:45 am, Igor Rylov wrote:
> After I've wrote my question, I thought, if it's possible to to do it with:
> 
> acl sites_blocking_redirect url_regex eais\.rkn\.gov\.ru
> <http://eais.rkn.gov.ru>
> reply_header_access Location deny sites_blocking_redirect
> 
> Is it a workable or the correct way to do it, so it solves my problem?

It is close. That would stop the Location header getting to the client
Browser. But the 302 status still will, and given that the Browser back
button functionality is not working like it used to (a browser bug?),
the full result may still not be worth it.

I would use the http_reply_access to deny instead. That way the client
gets a 403 status from Squid and definitely none of the upstream's redirect.

If you want to be more fancy than 403, the current Squid can attach a
deny_info to the ACL to make the denial have 451 status with custom
template page explaining the block to any user that sees it.
 (Which is what your upstream should have been doing.)

Amos


More information about the squid-users mailing list