On 12/09/19 7:45 am, Igor Rylov wrote: > After I've wrote my question, I thought, if it's possible to to do it with: > > acl sites_blocking_redirect url_regex eais\.rkn\.gov\.ru > <http://eais.rkn.gov.ru> > reply_header_access Location deny sites_blocking_redirect > > Is it a workable or the correct way to do it, so it solves my problem? It is close. That would stop the Location header getting to the client Browser. But the 302 status still will, and given that the Browser back button functionality is not working like it used to (a browser bug?), the full result may still not be worth it. I would use the http_reply_access to deny instead. That way the client gets a 403 status from Squid and definitely none of the upstream's redirect. If you want to be more fancy than 403, the current Squid can attach a deny_info to the ACL to make the denial have 451 status with custom template page explaining the block to any user that sees it. (Which is what your upstream should have been doing.) Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users