> On ons, 2007-08-15 at 01:08 +1200, Amos Jeffries wrote: >> Chris Robertson wrote: > >> > The "all" here should be the first acl referenced on the line or it >> will >> > prevent your deny_info message from being shown. >> > >> > e.g. "http_access deny all maxcon" >> > >> >> deny_info ERR_MAXCON maxcon >> >> >> >> That sounds a lot like a bug. > > Does it? Squid reads http_access lines left to right..
Um, arg. I must have had my head on backwards yesterday. this is the third simple logic error you've caught for me. I was thinking of the LHS ACL matching and stopping to be used by the deny. Not the AND case in effect where it MUST continue through the rest. > > But yes, it can be documented better. The notes in deny_info isn't > exactl helpful on this subject.. > > deny_info matches the last acl on the http_access deny line which denied > access, or if authentication is required to process the request the > first authentication related acl encountered while processing the > http_access rules. One for the history books.... Maybe this should be changed in future so a deny_info can be given a name (like ALC are named now) but the http(s)_access adds a deny=NAME option to specify the exact alternative page to be used. Amos
