Re: [squid-users] https site denial only loads a part of the defined error message

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Mar 2009 10:26:57 +1200 (NZST)

> For certain groups, we are giving access to public mail servers like
> gmail/yahoo etc. based on time only. When they are trying to access any
> http mail site, they are getting the complete error message which I
> defined, but when they are accessing any https:// mail site, they are
> getting the same ERROR page BUT ONLY the headings of the error message.
> The complete contents are not displayed.
>
> The following is the acl
>
> ### Personal mail Access Policies (Yahoo/Gmail etc)
> acl mail_sites dstdomain "/etc/squid/include-files/mail_sites.squid"
> http_access allow mail_sites vip_acl
> http_access allow mail_sites power_acl
> http_access allow mail_sites thursday_off_time download_surfers_acl
> http_access allow mail_sites off_time_1 download_surfers_acl
> http_access allow mail_sites thursday_off_time surfers_acl
> http_access allow mail_sites off_time_1 surfers_acl
> http_access deny mail_sites
> deny_info ERR_MAIL_SITES mail_sites
>
>
> Why is it happening so???
>

Because HTTPS is not plain old HTTP.

When you send HTTP back in response to an HTTPS tunnel open request,
browsers start to display their weirdness.

You will find some browsers display the error, some do not. Some will
display the raw HTML that came back but ignore any included images/CSS
etc.

This is the first I've heard of partial displays, but it's not entirely
surprising.

Amos
Received on Wed Mar 25 2009 - 22:27:03 MDT
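
The exchange described in the reply, as an added example that is not part of the original thread: a browser sends a CONNECT request for an https:// site and the proxy answers with an ordinary HTTP error page instead of opening the tunnel. The host name, the 403 status and the error page body are constructed for illustration; `proxy_deny`, `read_reply` and `demo` are hypothetical helper names.

```python
import re
import socket

# Constructed stand-in for the ERR_MAIL_SITES page (the real template is not in the thread).
ERROR_PAGE = (
    b'<html><head><link rel="stylesheet" href="/errors/style.css"></head>'
    b'<body><h1>ERROR</h1><img src="/errors/logo.png">'
    b"<p>Personal mail sites are open during off-hours only.</p></body></html>"
)

def proxy_deny(conn):
    """Hypothetical proxy side: read the CONNECT request, reply with a plain HTTP 403."""
    request = b""
    while b"\r\n\r\n" not in request:
        chunk = conn.recv(4096)
        if not chunk:
            break
        request += chunk
    method, target, _version = request.split(b"\r\n", 1)[0].split(b" ", 2)
    head = b"HTTP/1.0 403 Forbidden\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n"
    conn.sendall(head % len(ERROR_PAGE) + ERROR_PAGE)
    conn.close()  # no tunnel is opened, so nothing is ever relayed to the mail site
    return method.decode(), target.decode()

def read_reply(sock):
    """Browser side: what comes back on the socket where a TLS tunnel was expected."""
    data = b""
    while chunk := sock.recv(4096):
        data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])
    return {
        "status": status,
        "tunnel_open": 200 <= status < 300,   # only a 2xx reply to CONNECT opens the tunnel
        "body_is_tls": body[:1] == b"\x16",   # 0x16 is the TLS handshake record type
        "body_bytes": len(body),
        # Images/CSS the page refers to; each would need a further request by the browser.
        "subresources": [m.decode() for m in re.findall(rb'(?:src|href)="([^"]+)"', body)],
    }

def demo(host="mail.example.com"):
    browser, proxy = socket.socketpair()  # in-process stand-in for the browser-proxy TCP link
    browser.sendall(f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n".encode())
    seen = proxy_deny(proxy)
    reply = read_reply(browser)
    browser.close()
    return seen, reply

if __name__ == "__main__":
    print(demo())
```

The error page reaches the browser as cleartext from the proxy on a connection the browser opened for TLS, which is why rendering of the body and its images/CSS differs from browser to browser.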
