Geoff Varney wrote:
Chris,
I'm glad I saw this post today as I also would like to just get rid of the
authentication prompt when as user attempts to use the Web when listed in my
denied_users ACL. It works perfectly as you said when adding "all" to the
end of the http_access deny statement.
However, now I'd like to use a custom error page when this occurs. Instead
of the stock "Access Denied" page and its reasons, I made one that tells the
user the reasons why their access may be denied (no AUP signed or
inappropriate use, etc.) This works perfectly when my squid.conf is like
this:
acl denied_users proxy_auth_regex -i '/etc/squid/denied_users'
deny_info ERR_USER_ACCESS_DENIED denied_users
http_access deny denied_users
but if I do this:
acl denied_users proxy_auth_regex -i '/etc/squid/denied_users'
deny_info ERR_USER_ACCESS_DENIED denied_users
all
then the normal ERR_ACCESS_DENIED error page comes up. Is there a way to
make this work (custom error message) while NOT prompting the user for
authorization?
I guess I could modify the ERR_ACCESS_DENIED but I don't want to confuse
things if it comes up for some other reason other than being part of the
denied_users ACL. I suppose I could just ADD to the current error page info
that would help the user understand what's going on...
Thanks,
Geoff
Make a new ACL...
ACL auth_deny_all src 0.0.0.0
...change your deny_info...
deny_info ERR_USER_ACCESS_DENIED denied_users
...and you should be set.
http_access deny denied_users auth_deny_all
...will block users without re-prompting for authentication, and give
the custom error message.
Chris
