<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Directive "deny_info" didn't work when we blocked https site with
option "ssl_bump". <br>
Maybe, is there another method?<br>
<br>
--------------------------------------------------------------------<br>
acl blocked_https ssl::server_name "/etc/squid/blocked_https.txt"<br>
acl step1 at_step SslBump1<br>
ssl_bump peek step1<br>
<br>
deny_info <a class="moz-txt-link-freetext" href="http://www.example.com">http://www.example.com</a> blocked_https<br>
ssl_bump terminate blocked_https<br>
--------------------------------------------------------------------<br>
<br>
<br>
<div class="moz-cite-prefix">25.03.2016 17:14, Yuri Voinov пишет:<br>
</div>
<blockquote cite="mid:56F547CB.5040706@gmail.com" type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
# TAG: deny_info<br>
# Usage: deny_info err_page_name acl<br>
# or deny_info <a moz-do-not-send="true"
class="moz-txt-link-freetext" href="http://">http://</a>... acl<br>
# or deny_info TCP_RESET acl<br>
#<br>
# This can be used to return a ERR_ page for requests which<br>
# do not pass the 'http_access' rules. Squid remembers the
last<br>
# acl it evaluated in http_access, and if a 'deny_info' line
exists<br>
# for that ACL Squid returns a corresponding error page.<br>
#<br>
# The acl is typically the last acl on the http_access deny
line which<br>
# denied access. The exceptions to this rule are:<br>
# - When Squid needs to request authentication credentials.
It's then<br>
# the first authentication related acl encountered<br>
# - When none of the http_access lines matches. It's then the
last<br>
# acl processed on the last http_access line.<br>
# - When the decision to deny access was made by an adaptation
service,<br>
# the acl name is the corresponding eCAP or ICAP
service_name.<br>
#<br>
# NP: If providing your own custom error pages with
error_directory<br>
# you may also specify them by your custom file name:<br>
# Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys<br>
#<br>
# By defaut Squid will send "403 Forbidden". A different 4xx or
5xx<br>
# may be specified by prefixing the file name with the code and
a colon.<br>
# e.g. 404:ERR_CUSTOM_ACCESS_DENIED<br>
#<br>
# Alternatively you can tell Squid to reset the TCP connection<br>
# by specifying TCP_RESET.<br>
#<br>
# Or you can specify an error URL or URL pattern. The browsers
will<br>
# get redirected to the specified URL after formatting tags
have<br>
# been replaced. Redirect will be done with 302 or 307
according to<br>
# HTTP/1.1 specs. A different 3xx code may be specified by
prefixing<br>
# the URL. e.g. 303:<a moz-do-not-send="true"
class="moz-txt-link-freetext" href="http://example.com/">http://example.com/</a><br>
#<br>
# URL FORMAT TAGS:<br>
# %a - username (if available. Password NOT included)<br>
# %B - FTP path URL<br>
# %e - Error number<br>
# %E - Error description<br>
# %h - Squid hostname<br>
# %H - Request domain name<br>
# %i - Client IP Address<br>
# %M - Request Method<br>
# %o - Message result from external ACL helper<br>
# %p - Request Port number<br>
# %P - Request Protocol name<br>
# %R - Request URL path<br>
# %T - Timestamp in RFC 1123 format<br>
# %U - Full canonical URL from client<br>
# (HTTPS URLs terminate with *)<br>
# %u - Full canonical URL from client<br>
# %w - Admin email from squid.conf<br>
# %x - Error name<br>
# %% - Literal percent (%) code<br>
#<br>
#Default:<br>
# none<br>
<br>
?<br>
<br>
25.03.16 16:15, Alexandr Yatskin пишет:<br>
<span style="white-space: pre;">> Hello everyone!
> How redirect users to "Access Denied" page when they go to
blocked https sites?
> Now users only can see such error: "ERR_CONNECTION_CLOSED".
>
> There are several lines from our config:
> ------------------------------------------
> acl blocked_https ssl::server_name
"/etc/squid/blocked_https.txt"
> ssl_bump terminate blocked_https
> ------------------------------------------
> Thanks in advance.
>
>
>
> _______________________________________________
> squid-users mailing list
> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJW9UfKAAoJENNXIZxhPexG2KMH/1ACiOlqrvMRngV3K5xTKTQ+
<br>
ryx1oFWqH7sbn9vsAALZ8QBeVzucrH0XjDGRqbH7ehUd4a9XS0s03KsyGcDj5YAE
<br>
1uq5SYB+oSHpOYTEPN2uMUUTiMy1m3ZUq/Z9AONHEVu3avmRwliGpb7xMGMB7ORn
<br>
Oy/du+I8YsB9r7O2zIDTStmdafdpu/7Xf0NqWB1awxUyU3v9Q2gTckOiQcWKnCFG
<br>
3xY0sh9xAxayh0x1O7IuIbyhHRnFIhVbVI1fD3RDd5TqhkP61vtQyDsXMtC8Rxa1
<br>
HJSjttjN2Y3kgVGK57rJOaT1spR2B6Rfy98ZhXK/TI81cXmtgnM0987EB4p8OGw=
<br>
=kPrb
<br>
-----END PGP SIGNATURE-----
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>