[squid-users] deny_info page not shown
Janos Dohanics
web at 3dresearch.com
Fri Aug 28 08:49:09 UTC 2020
On Fri, 28 Aug 2020 10:31:41 +0200
Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> >> On 28/08/20 6:22 pm, Janos Dohanics wrote:
> >> > Is there a way to have deny_info instruct browsers to reliably
> >> > display the desired URL/page?
>
> >On Fri, 28 Aug 2020 18:59:56 +1200
> >Amos Jeffries <squid3 at treenet.co.nz> wrote:
> >> No there is not. This is a security feature of Browsers not
> >> something Squid can workaround.
> >>
> >> CONNECT is a request to open a TCP connection. Delivering an HTTP
> >> page, or even a URL redirect in response to a TCP connection
> >> request is completely the wrong type of result.
> >>
> >> Like asking someone to open a door because you have a load of
> >> things needing to go through it - and they instead throw a basket
> >> of apples at you. Not want you expected, and more harm than good.
>
> On 28.08.20 04:23, Janos Dohanics wrote:
> >Thanks for the explanation - so, the rationale for the http://... acl
> >value in the deny_info directive is conditioned on "if the browser is
> >willing"?
>
> when you ask via HTTP for HTTP page and get HTTP answer, it is
> different than asking via HTTP for CONNECT and getting CONNECT denied
> via HTTP.
>
> in the latter case it is clear that the request was denied by proxy
> and since secure content was requested, the insecure response must
> not be shown.
Thanks - would you have an example of using deny_info http://... acl
which actually works?
More information about the squid-users
mailing list