> Sorry for the somewhat large delay in replying to you, I have been on > longish term sick. > However I've just returned and have sussed this out. > > Firstly I added the following rules to squid.conf. > > acl swan src 123.45.0.0/16 # The campus subnet, which was > already defined in squid.conf > ..... > deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in > swan subnet then instantiate error page > acl www dst 123.45.67.89 # campus www server holding the > instruction page > http_access allow www !swan # allows access to web server from > IP's that are outside of swan subnet > http_access deny !swan # deny src IP's outside the swan > subnet. > > Then created a custom error file (ERR_EXTERNAL_IP) which contains a > redirect to the page on the campus webserver. > > If you don't allow the access to the campus web server, you get a > recursive deny and all gets a bit messy. NP: the line above "deny_info ERR_EXTERNAL_IP not swan" should be configured as: deny_info ERR_EXTERNAL_IP swan Unless the ERR_EXTERNAL_IP is generating the redirect to include various of the Squid % error page codes it can be replaced further with: deny_info http://internal.server/errorpage.html swan Amos > > Simples! > > Cheers, > Jezz. > > >> -----Original Message----- >> From: John Doe [mailto:jdmls@xxxxxxxxx] >> Sent: 13 February 2009 09:58 >> To: Palmer J.D.F. >> Subject: Re: Custom error page based on IP. >> >> >> From: Palmer J.D.F. <J.D.F.Palmer@xxxxxxxxxxxxx> >> > Is it possible to have a custom error page that is displayed only >> when a >> > client machine tries to connect to our squid caches from outside our >> > subnet? >> > >> > We have a lot of users & visitors that use their machines on site, >> but >> > also off site on other networks; occasionally these users try to >> proxy >> > via our cache from off site networks outside our subnet; we have > acls >> in >> > place that prevent remote proxying, but as it is they just get an >> Access >> > Denied error. >> > If possible I'd like to replace this error with an explanation and >> > instructions on how to re-configure their browser. >> > >> > As far as I can tell the same Access Denied error > (ERR_ACCESS_DENIED) >> is >> > displayed for a multitude of reasons, hence not viable to just edit >> the >> > existing error; is it possible to have a different error just for >> this >> > scenario? >> >> Maybe you could use url rewrites to forward them to a specific web > page >> that would explain why they cannot use the proxy from outside... >> >> JD >> >> >> > >
