Search squid archive

Re: "ACCESS DENIED" page by ssl_bump terminate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've already checked it. Order of this options doesn't matter.


28.03.2016 15:30, Yuri Voinov пишет:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
I suggests the order is important and must be:

ssl_bump terminate blocked_https
deny_info http://www.example.com blocked_https

28.03.16 11:59, Alexandr Yatskin пишет:
> Directive "deny_info" didn't work when we blocked https site with option "ssl_bump". > Maybe, is there another method? > > -------------------------------------------------------------------- > acl blocked_https ssl::server_name  "/etc/squid/blocked_https.txt" > acl step1 at_step SslBump1 > ssl_bump peek step1 > > deny_info http://www.example.com blocked_https > ssl_bump terminate blocked_https > -------------------------------------------------------------------- > > > 25.03.2016 17:14, Yuri Voinov пишет: >> > #  TAG: deny_info > #    Usage:   deny_info err_page_name acl > #    or       deny_info http://... acl > #    or       deny_info TCP_RESET acl > # > #    This can be used to return a ERR_ page for requests which > #    do not pass the 'http_access' rules.  Squid remembers the last > #    acl it evaluated in http_access, and if a 'deny_info' line exists > #    for that ACL Squid returns a corresponding error page. > # > #    The acl is typically the last acl on the http_access deny line which > #    denied access. The exceptions to this rule are: > #    - When Squid needs to request authentication credentials. It's then > #      the first authentication related acl encountered > #    - When none of the http_access lines matches. It's then the last > #      acl processed on the last http_access line. > #    - When the decision to deny access was made by an adaptation service, > #      the acl name is the corresponding eCAP or ICAP service_name. > # > #    NP: If providing your own custom error pages with error_directory > #        you may also specify them by your custom file name: > #        Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys > # > #    By defaut Squid will send "403 Forbidden". A different 4xx or 5xx > #    may be specified by prefixing the file name with the code and a colon. > #    e.g. 404:ERR_CUSTOM_ACCESS_DENIED > # > #    Alternatively you can tell Squid to reset the TCP connection > #    by specifying TCP_RESET. > # > #    Or you can specify an error URL or URL pattern. The browsers will > #    get redirected to the specified URL after formatting tags have > #    been replaced. Redirect will be done with 302 or 307 according to > #    HTTP/1.1 specs. A different 3xx code may be specified by prefixing > #    the URL. e.g. 303:http://example.com/ > # > #    URL FORMAT TAGS: > #        %a    - username (if available. Password NOT included) > #        %B    - FTP path URL > #        %e    - Error number > #        %E    - Error description > #        %h    - Squid hostname > #        %H    - Request domain name > #        %i    - Client IP Address > #        %M    - Request Method > #        %o    - Message result from external ACL helper > #        %p    - Request Port number > #        %P    - Request Protocol name > #        %R    - Request URL path > #        %T    - Timestamp in RFC 1123 format > #        %U    - Full canonical URL from client > #              (HTTPS URLs terminate with *) > #        %u    - Full canonical URL from client > #        %w    - Admin email from squid.conf > #        %x    - Error name > #        %%    - Literal percent (%) code > # > #Default: > # none > > ? > > 25.03.16 16:15, Alexandr Yatskin пишет: > > Hello everyone! > >       > How redirect users to "Access Denied" page when they go to >       blocked https sites? > >       > Now users only can see such error: "ERR_CONNECTION_CLOSED". > > > >       > There are several lines from our config: > >       > ------------------------------------------ > >       > acl blocked_https ssl::server_name >       "/etc/squid/blocked_https.txt" > >       > ssl_bump terminate blocked_https > >       > ------------------------------------------ > >       > Thanks in advance. > > > > > > > >       > _______________________________________________ > >       > squid-users mailing list > >       > squid-users@xxxxxxxxxxxxxxxxxxxxx > >       > http://lists.squid-cache.org/listinfo/squid-users > >> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJW+SPZAAoJENNXIZxhPexGn0wIALLPgsRZLfdfo6j2cxRiYU2W
wREfDnN+i02rLBmboPiP1h9kk59r6wd37Fzbk8Ltp+zpQVv150Uo9ivHEfbOyeCk
/enX/vaBhnyaIk3BGHkdrmI2FcRMVFV+fh/C+nLixyRfswTq1Xv/cmY9YrkSBtDM
yt39353FlJFNwcz3wV+xlfibCQeMvJ8vLAa0jVGALeb0KwKgXJ90WlL2AssaiTRC
G74KCXSnF0eqgj9Mjbh0SN/b9YrINAnjjOBiYAx8epMLD2Rl2VxXNFcWNUKRUiiV
0mHOocOe4Q8Wrqh5WS2NUcN921FEoW5bwsKdbItAl0xQs0Ow9Cax8aVIKWDYQyo=
=FmF4
-----END PGP SIGNATURE----- 


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux