Re: [squid-users] https and external acl

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 08 Feb 2011 18:28:41 +1300

On 08/02/11 05:16, Luis Enrique Sanchez Arce wrote:
>
> I have configure external acl in squid. If the external acl return ERR and the request is HTTPS the proxy return connection refuse. What is the possible problem ?.
>
> If the request is HTTP squid show a page with access denied.
>

Problem is malicious people attacking web browsers in ways that made
them decide never to show the user the body of any response to CONNECT.

There is no way you can make the error page show up when the browser
decides not to show it.

NP: If you want to use a special custom URL in deny_info the newly
released squid-3.1.11 includes support for HTTP/1.1 307 redirects to an
error page, some browsers (Firefox and Iceweasel so far) support that
response to CONNECT.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Tue Feb 08 2011 - 05:28:47 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 08 2011 - 12:00:01 MST