On 17.05.2017 16:04, Amos Jeffries wrote:
On 17/05/17 23:32, chcs wrote:Expected Results: Display proxy server error page with deny info.This is a well-known problem with Browsers, they all refuse to display any response to a CONNECT tunnel message. <http://wiki.squid-cache.org/Features/CustomErrors#Custom_error_pages_not_displayed_for_HTTPS>Use of TLS to secure the connection to the proxy does not affect this browser behaviour on HTTPS traffic. The best you can hope for is to make Squid use a 511 status code with deny_info and hope that it chooses to display something halfway useful.
there seems to be another problem ... at my setup any browser shows the proxy messages; with deny_info the special page e.g. ERR_DOMAIN_BLOCKED, without just the ERR_ACCESS_DENIED as default ... my squid 3.5,25 (CentOS 6.9) - thanks to Eliezer Croitoru for doing this good job; the custom error pages are only shown, when the proxy does SSL interception and the browser has installed the squid CA certificate ... why is this: without SSL interception, the browser sends a CONNECT and expects a SSL/TLS handshake, instead he gets an HTTP reply with the custom error page, which the browser doesn't know to handle at this moment ... only the information of HTTP header is processed; in case someone has configured https_port this is just the same, because the SSL/TLS connection to the webserver is tunneled inside the SSL/TLS connection between client and browser ...
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
