Thanks, Chris. As usual there's a simple answer when one has a good handle on acls and stuff. I did as you recommended, but the deny_info ERR_USER_ACCESS_DENIED must be applied to the new acl (auth_deny_all) not denied_users, then it works just as you said. Thanks again. Geoff ______________________________ Geoff Varney Network Support Specialist Educational Service District 112 Ridgefield School District 360-619-1405 geoff.varney@xxxxxxxxxx -----Original Message----- From: Chris Robertson [mailto:crobertson@xxxxxxx] Sent: Tuesday, March 28, 2006 12:23 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: outright deny Geoff Varney wrote: >Chris, >I'm glad I saw this post today as I also would like to just get rid of the >authentication prompt when as user attempts to use the Web when listed in my >denied_users ACL. It works perfectly as you said when adding "all" to the >end of the http_access deny statement. > >However, now I'd like to use a custom error page when this occurs. Instead >of the stock "Access Denied" page and its reasons, I made one that tells the >user the reasons why their access may be denied (no AUP signed or >inappropriate use, etc.) This works perfectly when my squid.conf is like >this: > >acl denied_users proxy_auth_regex -i '/etc/squid/denied_users' >deny_info ERR_USER_ACCESS_DENIED denied_users >http_access deny denied_users > >but if I do this: > >acl denied_users proxy_auth_regex -i '/etc/squid/denied_users' >deny_info ERR_USER_ACCESS_DENIED denied_users >all > >then the normal ERR_ACCESS_DENIED error page comes up. Is there a way to >make this work (custom error message) while NOT prompting the user for >authorization? > >I guess I could modify the ERR_ACCESS_DENIED but I don't want to confuse >things if it comes up for some other reason other than being part of the >denied_users ACL. I suppose I could just ADD to the current error page info >that would help the user understand what's going on... > >Thanks, >Geoff > > > Make a new ACL... ACL auth_deny_all src 0.0.0.0 ...change your deny_info... deny_info ERR_USER_ACCESS_DENIED denied_users ...and you should be set. http_access deny denied_users auth_deny_all ...will block users without re-prompting for authentication, and give the custom error message. Chris
