On Fri, 28 Aug 2020 10:31:41 +0200 Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote: > >> On 28/08/20 6:22 pm, Janos Dohanics wrote: > >> > Is there a way to have deny_info instruct browsers to reliably > >> > display the desired URL/page? > > >On Fri, 28 Aug 2020 18:59:56 +1200 > >Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > >> No there is not. This is a security feature of Browsers not > >> something Squid can workaround. > >> > >> CONNECT is a request to open a TCP connection. Delivering an HTTP > >> page, or even a URL redirect in response to a TCP connection > >> request is completely the wrong type of result. > >> > >> Like asking someone to open a door because you have a load of > >> things needing to go through it - and they instead throw a basket > >> of apples at you. Not want you expected, and more harm than good. > > On 28.08.20 04:23, Janos Dohanics wrote: > >Thanks for the explanation - so, the rationale for the http://... acl > >value in the deny_info directive is conditioned on "if the browser is > >willing"? > > when you ask via HTTP for HTTP page and get HTTP answer, it is > different than asking via HTTP for CONNECT and getting CONNECT denied > via HTTP. > > in the latter case it is clear that the request was denied by proxy > and since secure content was requested, the insecure response must > not be shown. Thanks - would you have an example of using deny_info http://... acl which actually works? _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
