Search squid archive

RE: Custom error page based on IP.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Sorry for the somewhat large delay in replying to you, I have been on
> longish term sick.
> However I've just returned and have sussed this out.
>
> Firstly I added the following rules to squid.conf.
>
> acl swan src 123.45.0.0/16           # The campus subnet, which was
> already defined in squid.conf
> .....
> deny_info ERR_EXTERNAL_IP not swan   # if client's source IP is not in
> swan subnet then instantiate error page
> acl www dst 123.45.67.89             # campus www server holding the
> instruction page
> http_access allow www !swan          # allows access to web server from
> IP's that are outside of swan subnet
> http_access deny !swan               # deny src IP's outside the swan
> subnet.
>
> Then created a custom error file (ERR_EXTERNAL_IP) which contains a
> redirect to the page on the campus webserver.
>
> If you don't allow the access to the campus web server, you get a
> recursive deny and all gets a bit messy.


NP: the line above "deny_info ERR_EXTERNAL_IP not swan"
 should be configured as:
  deny_info ERR_EXTERNAL_IP swan

Unless the ERR_EXTERNAL_IP is generating the redirect to include various
of the Squid % error page codes it can be replaced further with:
  deny_info http://internal.server/errorpage.html swan


Amos

>
> Simples!
>
> Cheers,
> Jezz.
>
>
>> -----Original Message-----
>> From: John Doe [mailto:jdmls@xxxxxxxxx]
>> Sent: 13 February 2009 09:58
>> To: Palmer J.D.F.
>> Subject: Re:  Custom error page based on IP.
>>
>>
>> From: Palmer J.D.F. <J.D.F.Palmer@xxxxxxxxxxxxx>
>> > Is it possible to have a custom error page that is displayed only
>> when a
>> > client machine tries to connect to our squid caches from outside our
>> > subnet?
>> >
>> > We have a lot of users & visitors that use their machines on site,
>> but
>> > also off site on other networks; occasionally these users try to
>> proxy
>> > via our cache from off site networks outside our subnet; we have
> acls
>> in
>> > place that prevent remote proxying, but as it is they just get an
>> Access
>> > Denied error.
>> > If possible I'd like to replace this error with an explanation and
>> > instructions on how to re-configure their browser.
>> >
>> > As far as I can tell the same Access Denied error
> (ERR_ACCESS_DENIED)
>> is
>> > displayed for a multitude of reasons, hence not viable to just edit
>> the
>> > existing error; is it possible to have a different error just for
>> this
>> > scenario?
>>
>> Maybe you could use url rewrites to forward them to a specific web
> page
>> that would explain why they cannot use the proxy from outside...
>>
>> JD
>>
>>
>>
>
>



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux