On 28/08/20 6:22 pm, Janos Dohanics wrote:
> Is there a way to have deny_info instruct browsers to reliably
> display the desired URL/page?
On Fri, 28 Aug 2020 18:59:56 +1200
Amos Jeffries <squ...@treenet.co.nz> wrote:
No there is not. This is a security feature of Browsers not something
Squid can workaround.
CONNECT is a request to open a TCP connection. Delivering an HTTP
page, or even a URL redirect in response to a TCP connection request
is completely the wrong type of result.
Like asking someone to open a door because you have a load of things
needing to go through it - and they instead throw a basket of apples
at you. Not want you expected, and more harm than good.
On 28.08.20 04:23, Janos Dohanics wrote:
Thanks for the explanation - so, the rationale for the http://... acl
value in the deny_info directive is conditioned on "if the browser is
willing"?
when you ask via HTTP for HTTP page and get HTTP answer, it is different
than asking via HTTP for CONNECT and getting CONNECT denied via HTTP.
in the latter case it is clear that the request was denied by proxy and
since secure content was requested, the insecure response must not be shown.
That's the security provided.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
