Hi All, I am trying to validate my understanding of external acl, deny_info and http_access deny all" interaction. My squid conf has just two rules. First is external ACL helper and then the "deny all" as follows: Case (1) ----------- external_acl_type my_helper ttl=0 negative_ttl=0 children-max=2 %PATH /usr/local/bin/acl acl AclName external my_helper deny_info 404:ERR_MY_ACL AclName http_access allow AclName http_access deny all -------- I want a default error code of 404 to be returned, along with a custom error message file being sent. My observations are as follows: 1. If my external ACL prints OK, it proceeds with processing. 2. If it prints ERR, instead of using the custom message, it proceeds to next access rule, which is "http_access deny all" When that fails it prints a default 403 message. If I remove "deny all" line it works well. Case (2) I tried changing "http_access allow" to "http_access deny" follows: -------- external_acl_type my_helper ttl=0 negative_ttl=0 children-max=2 %PATH /usr/local/bin/acl acl AclName external my_helper deny_info 404:ERR_MY_ACL AclName http_access deny !AclName http_access deny all ---------- In this case, whenever the acl helpers send "ERR", it prints the correct error message. But now, if it succeeds (prints OK), it goes to next line and fails there, instead of proceeding with further processing. Even in this case, removing the next "deny all" will work correctly. I find is strange that even when external ACL Helper matches and prints OK, because of the way the http_access line worded, it does not take it as a pass and goes to check next http_access line. Is this expected behavior? Or am I missing something? thanks, Sreenath _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users