[squid-users] redirect directly to error page
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Sep 15 17:14:31 UTC 2015
>On 15/09/2015 3:13 a.m., Matus UHLAR - fantomas wrote:
>> we have squidguard on a few servers and I'd like to redirect client's
>> request
>> directly to squid's error page, e.g. ERR_ACCESS_DENIED
>> Is that possible directly through e.g. internal URL, or do I have to play
>> with special page and acl?
>> (it should work for CONNECT requests too)
On 15.09.15 21:50, Amos Jeffries wrote:
>By the time the URL-rewrite helper lookup is sent the access controls
>have already determined that the request access is *accepted* and
>*allowed*. It is even almost finished being processed. Far too late to
>deny it.
>
>The right way to perform access authorization is with the http_access or
>adapted_http_access rules. That is also the only way to *generate*
>ERR_ACCESS_DENIED.
doesn't adapted_http_access apply for redirected pages?
I thouhght I could use it for denying access just as in http_access...
>Those rules have an external_acl_type helper interface for performing
>helper lookups and dont need any fancy trickery with URLs or web
>servers. deny_info is provided for presenting custom pages (or HTTP
>redirect URLs) from any ACL results.
>
>And yes, doing it the right way will work with CONNECT too. In so far as
>Squid output is concerned anyway. The popular browsers are still
>refusing to honour any kind of non-200 response from proxies.
do you know any not home-brew software that uses this feature?
I'd prefer something that is already packaged in debian, but unfortunately
only squidguard and similar.
maybe should use c_icap and urlcheck feature, but that one seems be a level
harder to configure/understand...
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
More information about the squid-users
mailing list