On 2/02/2014 11:04 p.m., babajaga wrote:
> Actually, I have a private proxy on the web, set up to be used by me only,
> when on the road, in areas of slow wired/wireless connection. Part of it is
> to remove ads, when browsing. This is done using local DNS on squid machine,
> pointing to 127.0.0.1 for well known ad sites. And a patched web server on
> squid machine, always serving minimum content, so no error is visible in the
> browser, at least.
> This works fine.
> Now, quite a few ad providers start using https:\\wellknown.adsite.com .
> Which then leads to the following error message in the browser, instead of
> the ad:
> "The connection has timed out
> The server at wellknown.adsite.com is taking too long to respond."
> (504 Gateway Timeout)
> I assume, because the CONNECT will not get any response from my local
> (faked) wellknown.adsite.com
>
> Any suggestion, how/where to hack squid2.7 to also get rid of these ones ?
> My idea just now is modifying "504 Gateway Timeout" to "204 No Content".
> Not knowing https-protocol, will this lead to more errors later on ?
> Or any other ideas ?

deny_info works in squid-2.7 in a basic way. The to_localhost ACL in Squid
matches the traffic your DNS is dead-routing.

  deny_info ERR_BLANK to_localhost
  http_access deny to_localhost

... where ERR_BLANK is an empty file.

PS. no need for that dummy web server. Squid will be generating the error
response with 0 byte payload to any localhost traffic at around half the CPU
load.

Amos