> On 15/09/2015 3:13 a.m., Matus UHLAR - fantomas wrote:
>> we have squidguard on a few servers and I'd like to redirect client's
>> request directly to squid's error page, e.g. ERR_ACCESS_DENIED
>>
>> Is that possible directly through e.g. internal URL, or do I have to play
>> with special page and acl?
>> (it should work for CONNECT requests too)

On 15.09.15 21:50, Amos Jeffries wrote:
> By the time the URL-rewrite helper lookup is sent the access controls
> have already determined that the request access is *accepted* and
> *allowed*. It is even almost finished being processed. Far too late to
> deny it.
>
> The right way to perform access authorization is with the http_access or
> adapted_http_access rules. That is also the only way to *generate*
> ERR_ACCESS_DENIED.

doesn't adapted_http_access apply for redirected pages?
I thought I could use it for denying access just as in http_access...

> Those rules have an external_acl_type helper interface for performing
> helper lookups and don't need any fancy trickery with URLs or web
> servers. deny_info is provided for presenting custom pages (or HTTP
> redirect URLs) from any ACL results.
>
> And yes, doing it the right way will work with CONNECT too. In so far as
> Squid output is concerned anyway. The popular browsers are still
> refusing to honour any kind of non-200 response from proxies.

do you know any not home-brew software that uses this feature?
I'd prefer something that is already packaged in Debian, but unfortunately
only squidguard and similar.

maybe should use c_icap and urlcheck feature, but that one seems to be a level
harder to configure/understand...
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
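
The external_acl_type plus deny_info approach described in the thread, as an added example that is not part of the original messages and not code from Squid or squidGuard. The names blockcheck and blocked, the helper path and the sample domains are hypothetical; the BH reply with message= assumes Squid 3.4 or later.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: replies OK when the destination host is blocklisted.

Assumed squid.conf wiring (ACL names and helper path are hypothetical):
  external_acl_type blockcheck ttl=60 %DST /usr/local/bin/blockcheck.py
  acl blocked external blockcheck
  http_access deny blocked
  deny_info ERR_ACCESS_DENIED blocked
"""
import sys

# Constructed sample blocklist; a real deployment would load its own list.
BLOCKED_DOMAINS = {"ads.example.net", "blocked.example.org"}


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """Match the host itself or any parent domain (sub.ads.example.net matches)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def answer(line, blocked=BLOCKED_DOMAINS):
    """Turn one lookup line from Squid into one reply line.

    OK  = ACL matches (host is blocked, so "http_access deny blocked" fires)
    ERR = ACL does not match (request continues down the http_access rules)
    BH  = helper could not evaluate the input
    """
    fields = line.split()
    if len(fields) != 1 or fields[0] == "-":
        return "BH message=unexpected-input"
    return "OK" if is_blocked(fields[0], blocked) else "ERR"


def main():
    # Squid keeps the helper running and sends one lookup per line on stdin.
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # replies must not sit in a buffer


if __name__ == "__main__":
    main()
```

Because the decision is made in http_access, the same rule covers CONNECT requests, where %DST carries the tunnel's target host.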