[squid-users] Custom error page for HTTP status 400-404, 500
Hi, I am running a squid 3.2.1 server as a reverse proxy. I have several Microsoft Windows IIS servers as cache_peers. I am trying to setup a custom error page for various HTTP_STATUS codes such as 404 and 500. This is a relevant extract from my squid.conf file: #squid config extract# acl denied_status http_status 400-404 500 502 503 #Production JC cache_peer api.mydomain.com parent 443 0 no-query originserver ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=jc login=PASSTHRU acl sites_jc dstdomain api.mydomain.com cache_peer_access jc deny sites_jc denied_status cache_peer_access jc allow sites_jc serviceHours1 acl http proto http acl https proto https #EOF# If I try to access api.mydomain.com/nonexistant, I still see the IIS 404 error page rather than the access denied squid error. Any ideas? Cheers. -- http://www.fastmail.fm - A fast, anti-spam email service.
Re: [squid-users] Custom error page for HTTP status 400-404, 500
On 14/12/2012 5:41 p.m., Paul Ch wrote: Hi, I am running a squid 3.2.1 server as a reverse proxy. I have several Microsoft Windows IIS servers as cache_peers. I am trying to setup a custom error page for various HTTP_STATUS codes such as 404 and 500. This is a relevant extract from my squid.conf file: #squid config extract# acl denied_status http_status 400-404 500 502 503 #Production JC cache_peer api.mydomain.com parent 443 0 no-query originserver ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=jc login=PASSTHRU acl sites_jc dstdomain api.mydomain.com cache_peer_access jc deny sites_jc denied_status cache_peer_access jc allow sites_jc serviceHours1 acl http proto http acl https proto https #EOF# If I try to access api.mydomain.com/nonexistant, I still see the IIS 404 error page rather than the access denied squid error. Any ideas? cache_peer_access determines whether teh request s allowed to be serviced by the peer. How do you expect the future result form the peer to be used to determine whether to fetch it there? Use http_reply_access instead. Amos
Re: [squid-users] Custom error page for HTTP status 400-404, 500
Thanks Amos, this works perfectly. So cache_peer_access can block the request from even touching the peer where as http_reply_access would block it after it's been processed by the peer. Makes sence. Cheers! -- Paul Ch sima...@operamail.com On Fri, Dec 14, 2012, at 04:57 AM, Amos Jeffries wrote: On 14/12/2012 5:41 p.m., Paul Ch wrote: Hi, I am running a squid 3.2.1 server as a reverse proxy. I have several Microsoft Windows IIS servers as cache_peers. I am trying to setup a custom error page for various HTTP_STATUS codes such as 404 and 500. This is a relevant extract from my squid.conf file: #squid config extract# acl denied_status http_status 400-404 500 502 503 #Production JC cache_peer api.mydomain.com parent 443 0 no-query originserver ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=jc login=PASSTHRU acl sites_jc dstdomain api.mydomain.com cache_peer_access jc deny sites_jc denied_status cache_peer_access jc allow sites_jc serviceHours1 acl http proto http acl https proto https #EOF# If I try to access api.mydomain.com/nonexistant, I still see the IIS 404 error page rather than the access denied squid error. Any ideas? cache_peer_access determines whether teh request s allowed to be serviced by the peer. How do you expect the future result form the peer to be used to determine whether to fetch it there? Use http_reply_access instead. Amos -- http://www.fastmail.fm - A fast, anti-spam email service.
[squid-users] Custom error page for an acl
Hi, I would like to write an acl on squid for the block the users access to the internal domain and LAN from squid. for this i guess acl dst will help me but i also like to have a custom error page for this acl . How can i easily do that ? Regards
Re: [squid-users] Custom error page for an acl
Hi. On 08.08.2012 13:35, a bv wrote: I would like to write an acl on squid for the block the users access to the internal domain and LAN from squid. for this i guess acl dst will help me but i also like to have a custom error page for this acl . How can i easily do that ? I really think it would be better to block the entire access from the outer world to your squid on your firewall. :) Eugene.
[squid-users] Custom error page
Hello, I am trying to use a custom page, wich contains a css file and images. I renamed the page from index.html to ERR_ACCESS_DENIED and it only appears the HMTL content when I received a page error, without images and formats (from css file). I am using the 3.1 version. I need to know a way to solve that. Thanks, Marcio
Re: [squid-users] Custom error page
On 11/12/10 06:46, Marcio Garcia wrote: Hello, I am trying to use a custom page, wich contains a css file and images. I renamed the page from index.html to ERR_ACCESS_DENIED and it only appears the HMTL content when I received a page error, without images and formats (from css file). I am using the 3.1 version. I need to know a way to solve that. Squid is not a web server all objects embeded in the templates must be embeded with absolute URI. There also must be a web serer providing those objects without restriction to anyone who requests them. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
[squid-users] Custom Error Page
Hi All, acl ipA src 10.0.0.1 acl acTime time SM http_access deny ipA acTime for the above acl need to have custom ERR_ page deny_info ERR_TIME_DENIED ipA deny_info ERR_TIME_DENIED acTime ERR_TIME_DENIED page is in the squid error directory. what is the correct deny_info parameter to get a custom ERR_ page? //Remy -- Disclaimer and Confidentiality This material has been checked for computer viruses and although none has been found, we cannot guarantee that it is completely free from such problems and do not accept any liability for loss or damage which may be caused. Please therefore check any attachments for viruses before using them on your own equipment. If you do find a computer virus please inform us immediately so that we may take appropriate action. This communication is intended solely for the addressee and is confidential. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The views expressed in this message are those of the individual sender, and may not necessarily be that of ISA.
Re: [squid-users] Custom Error Page
Mario Remy Almeida wrote: Hi All, acl ipA src 10.0.0.1 acl acTime time SM http_access deny ipA acTime for the above acl need to have custom ERR_ page deny_info ERR_TIME_DENIED ipA deny_info ERR_TIME_DENIED acTime ERR_TIME_DENIED page is in the squid error directory. what is the correct deny_info parameter to get a custom ERR_ page? Your config above should work. NP: The last ACL named on http_access deny line is the one whose deny_info page gets used. So you may not need to set it for both ACL. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
RE: [squid-users] Custom error page based on IP.
Hi, NP: the line above deny_info ERR_EXTERNAL_IP not swan should be configured as: deny_info ERR_EXTERNAL_IP swan Can you explain why would want to do that? Unless the ERR_EXTERNAL_IP is generating the redirect to include various of the Squid % error page codes it can be replaced further with: deny_info http://internal.server/errorpage.html swan That's a far more elegant way of doing it, I shall implement that when I return after the holiday. Thanks, Jezz. -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: 09 April 2009 05:18 To: Palmer J.D.F. Cc: John Doe; squid-users@squid-cache.org Subject: RE: [squid-users] Custom error page based on IP. Sorry for the somewhat large delay in replying to you, I have been on longish term sick. However I've just returned and have sussed this out. Firstly I added the following rules to squid.conf. acl swan src 123.45.0.0/16 # The campus subnet, which was already defined in squid.conf . deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in swan subnet then instantiate error page acl www dst 123.45.67.89 # campus www server holding the instruction page http_access allow www !swan # allows access to web server from IP's that are outside of swan subnet http_access deny !swan # deny src IP's outside the swan subnet. Then created a custom error file (ERR_EXTERNAL_IP) which contains a redirect to the page on the campus webserver. If you don't allow the access to the campus web server, you get a recursive deny and all gets a bit messy. NP: the line above deny_info ERR_EXTERNAL_IP not swan should be configured as: deny_info ERR_EXTERNAL_IP swan Unless the ERR_EXTERNAL_IP is generating the redirect to include various of the Squid % error page codes it can be replaced further with: deny_info http://internal.server/errorpage.html swan Amos Simples! Cheers, Jezz. -Original Message- From: John Doe [mailto:jd...@yahoo.com] Sent: 13 February 2009 09:58 To: Palmer J.D.F. Subject: Re: [squid-users] Custom error page based on IP. From: Palmer J.D.F. j.d.f.pal...@swansea.ac.uk Is it possible to have a custom error page that is displayed only when a client machine tries to connect to our squid caches from outside our subnet? We have a lot of users visitors that use their machines on site, but also off site on other networks; occasionally these users try to proxy via our cache from off site networks outside our subnet; we have acls in place that prevent remote proxying, but as it is they just get an Access Denied error. If possible I'd like to replace this error with an explanation and instructions on how to re-configure their browser. As far as I can tell the same Access Denied error (ERR_ACCESS_DENIED) is displayed for a multitude of reasons, hence not viable to just edit the existing error; is it possible to have a different error just for this scenario? Maybe you could use url rewrites to forward them to a specific web page that would explain why they cannot use the proxy from outside... JD
RE: [squid-users] Custom error page based on IP.
Sorry for the somewhat large delay in replying to you, I have been on longish term sick. However I've just returned and have sussed this out. Firstly I added the following rules to squid.conf. acl swan src 123.45.0.0/16 # The campus subnet, which was already defined in squid.conf . deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in swan subnet then instantiate error page acl www dst 123.45.67.89 # campus www server holding the instruction page http_access allow www !swan # allows access to web server from IP's that are outside of swan subnet http_access deny !swan # deny src IP's outside the swan subnet. Then created a custom error file (ERR_EXTERNAL_IP) which contains a redirect to the page on the campus webserver. If you don't allow the access to the campus web server, you get a recursive deny and all gets a bit messy. Simples! Cheers, Jezz. -Original Message- From: John Doe [mailto:jd...@yahoo.com] Sent: 13 February 2009 09:58 To: Palmer J.D.F. Subject: Re: [squid-users] Custom error page based on IP. From: Palmer J.D.F. j.d.f.pal...@swansea.ac.uk Is it possible to have a custom error page that is displayed only when a client machine tries to connect to our squid caches from outside our subnet? We have a lot of users visitors that use their machines on site, but also off site on other networks; occasionally these users try to proxy via our cache from off site networks outside our subnet; we have acls in place that prevent remote proxying, but as it is they just get an Access Denied error. If possible I'd like to replace this error with an explanation and instructions on how to re-configure their browser. As far as I can tell the same Access Denied error (ERR_ACCESS_DENIED) is displayed for a multitude of reasons, hence not viable to just edit the existing error; is it possible to have a different error just for this scenario? Maybe you could use url rewrites to forward them to a specific web page that would explain why they cannot use the proxy from outside... JD
RE: [squid-users] Custom error page based on IP.
Sorry for the somewhat large delay in replying to you, I have been on longish term sick. However I've just returned and have sussed this out. Firstly I added the following rules to squid.conf. acl swan src 123.45.0.0/16 # The campus subnet, which was already defined in squid.conf . deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in swan subnet then instantiate error page acl www dst 123.45.67.89 # campus www server holding the instruction page http_access allow www !swan # allows access to web server from IP's that are outside of swan subnet http_access deny !swan # deny src IP's outside the swan subnet. Then created a custom error file (ERR_EXTERNAL_IP) which contains a redirect to the page on the campus webserver. If you don't allow the access to the campus web server, you get a recursive deny and all gets a bit messy. NP: the line above deny_info ERR_EXTERNAL_IP not swan should be configured as: deny_info ERR_EXTERNAL_IP swan Unless the ERR_EXTERNAL_IP is generating the redirect to include various of the Squid % error page codes it can be replaced further with: deny_info http://internal.server/errorpage.html swan Amos Simples! Cheers, Jezz. -Original Message- From: John Doe [mailto:jd...@yahoo.com] Sent: 13 February 2009 09:58 To: Palmer J.D.F. Subject: Re: [squid-users] Custom error page based on IP. From: Palmer J.D.F. j.d.f.pal...@swansea.ac.uk Is it possible to have a custom error page that is displayed only when a client machine tries to connect to our squid caches from outside our subnet? We have a lot of users visitors that use their machines on site, but also off site on other networks; occasionally these users try to proxy via our cache from off site networks outside our subnet; we have acls in place that prevent remote proxying, but as it is they just get an Access Denied error. If possible I'd like to replace this error with an explanation and instructions on how to re-configure their browser. As far as I can tell the same Access Denied error (ERR_ACCESS_DENIED) is displayed for a multitude of reasons, hence not viable to just edit the existing error; is it possible to have a different error just for this scenario? Maybe you could use url rewrites to forward them to a specific web page that would explain why they cannot use the proxy from outside... JD
[squid-users] Custom error page based on IP.
Hi, Is it possible to have a custom error page that is displayed only when a client machine tries to connect to our squid caches from outside our subnet? We have a lot of users visitors that use their machines on site, but also off site on other networks; occasionally these users try to proxy via our cache from off site networks outside our subnet; we have acls in place that prevent remote proxying, but as it is they just get an Access Denied error. If possible I'd like to replace this error with an explanation and instructions on how to re-configure their browser. As far as I can tell the same Access Denied error (ERR_ACCESS_DENIED) is displayed for a multitude of reasons, hence not viable to just edit the existing error; is it possible to have a different error just for this scenario? Many thanks, Jezz Palmer.
