Hi, I'm trying to figure out how to correctly handle ERROR pages (or deny pages) in one particular case. An HTTP client is trying to access a website as https://example.org/. I'm getting the following info in cache.log: 2017/11/14 09:11:11.481 kid1| 85,2| client_side_request.cc(745) clientAccessCheckDone: The request GET https://example.org/ is ALLOWED; last ACL checked: bl_lookup 2017/11/14 09:11:11.481 kid1| 85,2| client_side_request.cc(721) clientAccessCheck2: No adapted_http_access configuration. default: ALLOW 2017/11/14 09:11:11.481 kid1| 85,2| client_side_request.cc(745) clientAccessCheckDone: The request GET https://example.org/ is ALLOWED; last ACL checked: bl_lookup 2017/11/14 09:11:11.591 kid1| 88,2| client_side_reply.cc(2073) processReplyAccessResult: The reply for GET https://example.org/ is DENIED, because it matched denied_restricted1_mimetypes_rep 2017/11/14 09:11:11.591 kid1| 88,2| client_side_reply.cc(2073) processReplyAccessResult: The reply for GET https://example.org/ is ALLOWED, because it matched denied_restricted1_mimetypes_rep This is what I have in squid.conf (part of it): external_acl_type bllookup ttl=86400 negative_ttl=86400 children-max=80 children-startup=10 children-idle=3 concurrency=8 %PROTO %DST %PORT %PATH /opt/custom/scripts/ext_sql_blwl_acl.pl --table=shallalist_bl --categories=adv,aggressive,alcohol,anonvpn,automobile_bikes,automobile_boats,automobie_cars,automobile_planes,chat,costtraps,dating,drugs,dynamic,finance_insurance,finance_moneylending,finance_other,finance_realestate,finance_trading,fortunetlling,forum,gamble,hacking,hobby_cooking,hobby_games-misc,hobby_games-online,hobby_gardening,hobby_pets,homestyle,imagehosting,isp,jobsearch,military,models,ovies,music,podcasts,politics,porn,radiotv,recreation_humor,recreation_martialarts,recreation_restaurants,recreation_sports,recreation_travel,recreation_welless,redirector,religion,remotecontrol,ringtones,science_astronomy,science_chemistry,sex_education,sex_lingerie,shopping,socialnet,spyware,tracker,updatesitesurlshortener,violence,warez,weapons,webphone,webradio,webtv acl allowed_ips src "/opt/custom/proxy-settings/allowed.ips" acl allowed_extra1_ips src "/opt/custom/proxy-settings/allowed.extra1.ips" acl allowed_groups external nt_group "/opt/custom/proxy-settings/allowed.groups" acl allowed_domains dstdomain "/opt/custom/proxy-settings/allowed.domains" acl allowed_domains_filetypes dstdomain "/opt/custom/proxy-settings/allowed.domains.filetypes" acl allowed_domains_mimetypes dstdomain "/opt/custom/proxy-settings/allowed.domains.mimetypes" acl denied_domains dstdomain -i "/opt/custom/proxy-settings/denied.domains" acl denied_extra1_domains dstdomain -i "/opt/custom/proxy-settings/denied.extra1.domains" acl denied_ads url_regex "/opt/custom/proxy-settings/denied.ads" acl denied_filetypes urlpath_regex -i "/opt/custom/proxy-settings/denied.filetypes" acl denied_mimetypes_req req_mime_type -i "/opt/custom/proxy-settings/denied.mimetypes" acl denied_extra1_mimetypes_req req_mime_type -i "/opt/custom/proxy-settings/denied.extra1.mimetypes" acl denied_mimetypes_rep rep_mime_type -i "/opt/custom/proxy-settings/denied.mimetypes" acl denied_extra1_mimetypes_rep rep_mime_type -i "/opt/custom/proxy-settings/denied.extra1.mimetypes" acl denied_restricted1_mimetypes_req req_mime_type -i "/opt/custom/proxy-settings/denied.restricted1.mimetypes" acl denied_restricted1_mimetypes_rep rep_mime_type -i "/opt/custom/proxy-settings/denied.restricted1.mimetypes" acl allowed_restricted1_domains dstdomain -i "/opt/custom/proxy-settings/allowed.restricted1.domains" acl allowed_restricted1_ips dst "/opt/custom/proxy-settings/allowed.restricted1.ips" acl restricted_ips src "/opt/custom/proxy-settings/restricted.ips" acl restricted_groups external nt_group "/opt/custom/proxy-settings/restricted.groups" acl restricted_domains dstdomain "/opt/custom/proxy-settings/restricted.domains" acl bl_lookup external bllookup acl denied_urlshorteners dstdomain -i "/opt/custom/proxy-settings/db/HMANshallalist/urlshortener/domains" http_access deny explicit !ORG_all http_access deny explicit SSL_ports http_access deny intercepted !localnet http_access deny interceptedssl !localnet http_access allow localnet !restricted_ips allowed_domains http_access allow localnet !restricted_ips allowed_ips http_reply_access allow localnet !restricted_ips allowed_ips http_reply_access allow localnet !restricted_ips allowed_domains http_access allow restricted_ips restricted_domains http_access deny restricted_ips http_access deny !allowed_ips denied_urlshorteners http_access deny CONNECT !allowed_ips denied_urlshorteners deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_urlshorteners denied_urlshorteners http_access allow denied_restricted1_mimetypes_req allowed_restricted1_domains http_access allow denied_restricted1_mimetypes_req allowed_restricted1_ips http_reply_access allow denied_restricted1_mimetypes_rep allowed_restricted1_domains http_reply_access allow denied_restricted1_mimetypes_rep allowed_restricted1_ips http_access allow denied_extra1_mimetypes_req allowed_extra1_ips denied_extra1_domains http_reply_access allow denied_extra1_mimetypes_rep allowed_extra1_ips denied_extra1_domains http_access deny denied_restricted1_mimetypes_req http_reply_access deny denied_restricted1_mimetypes_rep http_access deny denied_extra1_mimetypes_req http_reply_access deny denied_extra1_mimetypes_rep http_access deny !allowed_ips denied_domains http_access deny CONNECT !allowed_ips denied_domains deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_domains denied_domains http_access allow allowed_extra1_ips denied_extra1_domains http_access deny denied_extra1_domains deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_extra1_domains denied_extra1_domains http_access deny denied_filetypes !allowed_domains_filetypes http_reply_access deny denied_filetypes !allowed_domains_filetypes deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_filetypes denied_filetypes http_access deny denied_mimetypes_req !allowed_domains_mimetypes http_reply_access deny denied_mimetypes_rep !allowed_domains_mimetypes deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_mimetypes denied_mimetypes_req deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_mimetypes denied_mimetypes_rep http_access allow localnet bl_lookup ---- I understand Squid accepts the REQUEST, but not the REPLY as it matches denied_restricted1_mimetypes_rep. However, I don't understand why the client browser doesn't display the deny_info page at http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_mimetypes. Instead, it shows ERR_ACCESS_DENIED. Thanks, Vieri _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users