[squid-users] "ACCESS DENIED" page by ssl_bump terminate
Yuri Voinov
yvoinov at gmail.com
Mon Mar 28 18:01:51 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
28.03.16 20:59, Alex Rousskov пишет:
> On 03/27/2016 11:59 PM, Alexandr Yatskin wrote:
>> Directive "deny_info" didn't work when we blocked https site with option
>> "ssl_bump".
>
> "deny_info" is not compatible with the ssl_bump "terminate" action. The
> "terminate" action means "Close client and server connections". It is
> impossible to serve an [error] response on a closed connection.
>
> IIRC, blocking the CONNECT request (fake or real) with http_access is
> enough to force Squid to respond with an "access denied" error -- Squid
> should automatically bump the client connection (if that is still
> possible when the CONNECT request is blocked) to serve an error response.
I.e., to use deny_info bump is required?
>
>
>
> HTH,
>
> Alex.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJW+XGPAAoJENNXIZxhPexGszEH/0KiEKoqE54cq3iO2t5ny78Y
Mk2q1E8+PFOf5rT0Q4yGpi339ZvVL5MQMtFqle/MhAidnUsYwTYT/9Skut94BTuf
PqM9L6G2zZjcats4cgL83qx/qkNxWGCxlWoZe1bMI5F1tkGkJaBsS8I1fEVWKezB
ScToG0IdXR52yvbB/WpKeTPobzd3Ie+hQvdmom7ubr1FXumqplVvXN/S8pLEObOn
TvcEBVvcUXYXa2n5MZ3oJaV4oW95Q0GeQ6AiHDfVE76qYSs3ZTdj9vhanEs+ZKyp
a6ATIMm6JqPlFE+wDmmKCZgn//ePdAxi8lU3E/BFKARekL1vEMdsTyj+sJzXMYs=
=Cs8V
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160329/70bb3238/attachment-0001.key>
More information about the squid-users
mailing list