Any inbound connection that matches a "deny all" rule will be denied with no message. This is by design because of concern about denial of service attacks. The goal is to minimize resource consumption for denied connections from specific sources. I see that you are using method based permissions, which do need to read the user agent request before application. It's been a while since I've worked on that, I'll need to check the code to see how it is being handled in that case.
On Tue, Jun 22, 2021 at 7:32 AM Trilok Nathreddy <[email protected]> wrote: > Alan, > > So any thing denied from ip_allow can't be notified with custom exception > page using the body_factory pages or any built in deny page? > > Regards > Trilok > > > > > > On Mon, Jun 21, 2021, 10:02 PM Alan Carroll < > [email protected]> wrote: > >> Ah, I misread your comment and thought you were using the outbound >> controls. Unfortunately the point of the inbound control is to not talk to >> banned user agents as little as possible and so the connection is >> terminated immediately after the accept. No response is possible since ATS >> doesn't even know what protocol the user agent is using (TLS? HTTP/2? >> FTP?). What version of ATS are you using? >> >> On Mon, Jun 21, 2021 at 11:17 AM Trilok Nathreddy <[email protected]> >> wrote: >> >>> Alan, >>> >>> No >>> >>> On Mon, Jun 21, 2021, 7:26 PM Alan Carroll < >>> [email protected]> wrote: >>> >>>> The "access#defined" template doesn't get used? >>>> >>>> On Mon, Jun 21, 2021 at 7:26 AM Trilok Nathreddy <[email protected]> >>>> wrote: >>>> >>>>> I have configured the ip allow file to allow specific hosts to go out >>>>> to internet in forward proxy deployment but I need to show an customized >>>>> web page to the users who are denied. I checked the body_factory default >>>>> page but it doesn't get popped to the users.do we need to configure >>>>> anything extra to link this html page to the ACL? >>>>> >>>>> Regards >>>>> Trilok >>>>> 9949994745 >>>>> >>>>
