Sorry for the somewhat large delay in replying to you, I have been on longish term sick. However I've just returned and have sussed this out. Firstly I added the following rules to squid.conf. acl swan src 123.45.0.0/16 # The campus subnet, which was already defined in squid.conf ..... deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in swan subnet then instantiate error page acl www dst 123.45.67.89 # campus www server holding the instruction page http_access allow www !swan # allows access to web server from IP's that are outside of swan subnet http_access deny !swan # deny src IP's outside the swan subnet. Then created a custom error file (ERR_EXTERNAL_IP) which contains a redirect to the page on the campus webserver. If you don't allow the access to the campus web server, you get a recursive deny and all gets a bit messy. Simples! Cheers, Jezz. > -----Original Message----- > From: John Doe [mailto:jdmls@xxxxxxxxx] > Sent: 13 February 2009 09:58 > To: Palmer J.D.F. > Subject: Re: Custom error page based on IP. > > > From: Palmer J.D.F. <J.D.F.Palmer@xxxxxxxxxxxxx> > > Is it possible to have a custom error page that is displayed only > when a > > client machine tries to connect to our squid caches from outside our > > subnet? > > > > We have a lot of users & visitors that use their machines on site, > but > > also off site on other networks; occasionally these users try to > proxy > > via our cache from off site networks outside our subnet; we have acls > in > > place that prevent remote proxying, but as it is they just get an > Access > > Denied error. > > If possible I'd like to replace this error with an explanation and > > instructions on how to re-configure their browser. > > > > As far as I can tell the same Access Denied error (ERR_ACCESS_DENIED) > is > > displayed for a multitude of reasons, hence not viable to just edit > the > > existing error; is it possible to have a different error just for > this > > scenario? > > Maybe you could use url rewrites to forward them to a specific web page > that would explain why they cannot use the proxy from outside... > > JD > > >
