Re: [squid-users] deny_info URL not working

2024-05-12 Thread Amos Jeffries
On 12/05/24 17:48, Dieter Bloms wrote: Hello, On Sat, May 11, Vilmondes Queiroz wrote: deny_info http://example.com !authorized_ips does it work if you add the http status code like: deny_info 307:http://example.com !authorized_ips Also the "!" is not valid here. The ACL on deny_info l

Re: [squid-users] deny_info URL not working

2024-05-11 Thread Dieter Bloms
Hello, On Sat, May 11, Vilmondes Queiroz wrote: > deny_info http://example.com !authorized_ips does it work if you add the http status code like: deny_info 307:http://example.com !authorized_ips -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outl

Re: [squid-users] deny_info page not shown

2020-09-04 Thread Matus UHLAR - fantomas
Amos Jeffries wrote: CONNECT is a request to open a TCP connection. Delivering an HTTP page, or even a URL redirect in response to a TCP connection request is completely the wrong type of result. Like asking someone to open a door because you have a load of things needing to go through it - a

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Alex Rousskov
>> Amos Jeffries wrote: >>> CONNECT is a request to open a TCP connection. Delivering an HTTP >>> page, or even a URL redirect in response to a TCP connection request >>> is completely the wrong type of result. >>> Like asking someone to open a door because you have a load of things >>> needing t

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Janos Dohanics
On Fri, 28 Aug 2020 22:58:00 +1200 Amos Jeffries wrote: > On 28/08/20 8:49 pm, Janos Dohanics wrote: > > > > Thanks - would you have an example of using deny_info http://... acl > > which actually works? > > > > Any HTTP request message where 302 is a valid response status code > will work. Yo

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Amos Jeffries
On 28/08/20 8:49 pm, Janos Dohanics wrote: > > Thanks - would you have an example of using deny_info http://... acl > which actually works? > Any HTTP request message where 302 is a valid response status code will work. Your configuration does that. The problem is that Browsers only accept 20x

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Janos Dohanics
On Fri, 28 Aug 2020 10:31:41 +0200 Matus UHLAR - fantomas wrote: > >> On 28/08/20 6:22 pm, Janos Dohanics wrote: > >> > Is there a way to have deny_info instruct browsers to reliably > >> > display the desired URL/page? > > >On Fri, 28 Aug 2020 18:59:56 +1200 > >Amos Jeffries wrote: > >> No the

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Matus UHLAR - fantomas
On 28/08/20 6:22 pm, Janos Dohanics wrote: > Is there a way to have deny_info instruct browsers to reliably > display the desired URL/page? On Fri, 28 Aug 2020 18:59:56 +1200 Amos Jeffries wrote: No there is not. This is a security feature of Browsers not something Squid can workaround. CONN

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Janos Dohanics
On Fri, 28 Aug 2020 18:59:56 +1200 Amos Jeffries wrote: > On 28/08/20 6:22 pm, Janos Dohanics wrote: > > > > Is there a way to have deny_info instruct browsers to reliably > > display the desired URL/page? > > No there is not. This is a security feature of Browsers not something > Squid can wor

Re: [squid-users] deny_info page not shown

2020-08-28 Thread Amos Jeffries
On 28/08/20 6:22 pm, Janos Dohanics wrote: > > Is there a way to have deny_info instruct browsers to reliably display > the desired URL/page? No there is not. This is a security feature of Browsers not something Squid can workaround. CONNECT is a request to open a TCP connection. Delivering an H

Re: [squid-users] deny_info page not shown

2020-08-27 Thread Janos Dohanics
On Fri, 28 Aug 2020 17:08:01 +1200 Amos Jeffries wrote: > [...] Amos, thank you for the quick reply. > > deny_info http://google.com custom > > Asks Squid to perform a URL-redirect to http://google.com instead of > delivering error pages when ACL "deny custom" happens. > > > > http_reply_ac

Re: [squid-users] deny_info page not shown

2020-08-27 Thread Amos Jeffries
On 28/08/20 4:08 pm, Janos Dohanics wrote: > Hello, > > In my config file I have: > > deny_info http://google.com custom > > However, Firefox shows the error page "Unable to connect". > When? To what type of URL? > > acl custom dstdom_regex > "/usr/local/share/examples/squidGuard/blacklist

Re: [squid-users] deny_info redirect with URL placeholder

2019-12-09 Thread Vieri Di Paola
On Mon, Dec 9, 2019 at 10:04 AM Amos Jeffries wrote: > > > How could I refer to these values in the deny_info 302:%* line? > > deny_info 302:https:%o bad_Location > > This should do it for Squid-3 (and avoids the config parser bug). You > just have to have the helper produce the URL (without the

Re: [squid-users] deny_info redirect with URL placeholder

2019-12-09 Thread Vieri Di Paola
On Mon, Dec 9, 2019 at 10:04 AM Amos Jeffries wrote: > > > Is there a way to add a URL variable name to a deny_info 302 > > configuration directive? > > > > or as I showed > earlier with logformat codes. Though sorry that does require a later >

Re: [squid-users] deny_info redirect with URL placeholder

2019-12-09 Thread Amos Jeffries
On 9/12/19 8:49 pm, Vieri Di Paola wrote: > Hi, > > Is there a way to add a URL variable name to a deny_info 302 > configuration directive? > or as I showed earlier with logformat codes. Though sorry that does require a later Squid version tha

Re: [squid-users] Deny_Info TCP_RESET

2019-03-29 Thread creditu
On Thu, Mar 28, 2019, at 7:14 PM, Alex Rousskov wrote: > On 3/28/19 5:36 PM, Alex Rousskov wrote: > > On 3/28/19 8:13 AM, cred...@eml.cc wrote: > >> Is using the http_reply_access deny a viable option if all else fails > >> to correct the issue until we can upgrade? > > > Probably it is not: I a

Re: [squid-users] Deny_Info TCP_RESET

2019-03-28 Thread Alex Rousskov
On 3/28/19 5:36 PM, Alex Rousskov wrote: > On 3/28/19 8:13 AM, cred...@eml.cc wrote: >> Is using the http_reply_access deny a viable option if all else fails >> to correct the issue until we can upgrade? > Probably it is not: I am not sure, but based on my quick reading of the > code and a basic t

Re: [squid-users] Deny_Info TCP_RESET

2019-03-28 Thread Alex Rousskov
On 3/28/19 8:13 AM, cred...@eml.cc wrote: > Is using the http_reply_access deny a viable option if all else fails > to correct the issue until we can upgrade? Probably it is not: I am not sure, but based on my quick reading of the code and a basic test, http_reply_access does not support the "den

Re: [squid-users] Deny_Info TCP_RESET

2019-03-28 Thread creditu
On Wed, Mar 27, 2019, at 4:23 PM, Alex Rousskov wrote: > On 3/27/19 3:17 PM, sq...@buglecreek.com wrote: > > Operating in reverse proxy mode. I'm trying to send a TCP reset in > > response to the acl below: > > > > acl example_url url_regex -i [^:]+://[^0-9]*.example.com.* > > deny_info TCP_R

Re: [squid-users] Deny_Info TCP_RESET

2019-03-27 Thread Alex Rousskov
On 3/27/19 3:17 PM, sq...@buglecreek.com wrote: > Operating in reverse proxy mode. I'm trying to send a TCP reset in response > to the acl below: > > acl example_url url_regex -i [^:]+://[^0-9]*.example.com.* > deny_info TCP_RESET example_url > http_access deny example_url > > Looking at the p

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-17 Thread Amos Jeffries
On 18/10/18 1:08 AM, Amish wrote: > On 17/10/18 10:37 AM, Amos Jeffries wrote: >> On 17/10/18 3:15 PM, Amish wrote: >>> My proposal would be to add "-n" (nobump) option to deny_info. >>> >>> If -n is specified then squid will send 307 directly instead of 200. >>> >>> Case 1) >>> deny_info http:

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-17 Thread Amish
On 17/10/18 8:28 PM, Alex Rousskov wrote: Very true, but based on my interpretation of browser makers' feedback on the HTTP WG mailing list, I doubt that will happen in the foreseeable future: Adding a proxy "security context" (in addition to the existing "insecure" and "origin" contexts) is not

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-17 Thread Alex Rousskov
On 10/16/2018 08:15 PM, Amish wrote: > http_port 8080 ssl-bump ... > http_access deny ... > ssl_bump splice all > In this case one would expect that squid would not bump the connection > and return with 307 instead of 200. FWIW, I do not think "one would expect" can be the driving argument for d

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-17 Thread Amish
On 17/10/18 10:37 AM, Amos Jeffries wrote: On 17/10/18 3:15 PM, Amish wrote: My proposal would be to add "-n" (nobump) option to deny_info. If -n is specified then squid will send 307 directly instead of 200. Case 1) deny_info http://192.168.1.1/blocked.html denyit Return with 200 and bum

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amos Jeffries
On 17/10/18 3:15 PM, Amish wrote: > > My proposal would be to add "-n" (nobump) option to deny_info. > > If -n is specified then squid will send 307 directly instead of 200. > > Case 1) > deny_info http://192.168.1.1/blocked.html denyit > > Return with 200 and bump it (existing behaviour) >

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
On 16/10/18 10:07 PM, Alex Rousskov wrote: On 10/16/2018 10:01 AM, Amish wrote: Thing is that squid behaves differently for 2 exactly same CONNECT request with only difference being ssl-bump Yes, Squid behaves differently when configured differently. * My original response was specific to Ssl

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Alex Rousskov
On 10/16/2018 10:01 AM, Amish wrote: > On 16/10/18 9:05 PM, Alex Rousskov wrote: >> On 10/16/2018 06:29 AM, Amish wrote: >>> In my opinion correct flow should be like this: >>> >>> 1) Browser sends CONNECT request >>> 2) Check ACL >>> 3) If denied, return with 307 (or 302) >>> 4) If allowed, go ahe

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
On 16/10/18 9:05 PM, Alex Rousskov wrote: On 10/16/2018 06:29 AM, Amish wrote: In my opinion correct flow should be like this: 1) Browser sends CONNECT request 2) Check ACL 3) If denied, return with 307 (or 302) 4) If allowed, go ahead with tunneling / bumping as applicable Unfortunately, t

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Alex Rousskov
On 10/16/2018 06:29 AM, Amish wrote: > It seems that current algorithm for ssl-bump is: > > 1) Browser sends CONNECT request > 2) Squid sends status 200 Connection Established > 3) Check ACL > 4) If denied, bump the connection with squid certificate > 5) If allowed, go ahead with tunneling / bump

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
Further to this: I have ssl-bump setup on port 8080. If I remove ssl-bump squid works just like I mentioned in my earlier e-mail. > curl -ix 192.168.1.1:8080 https://google.com HTTP/1.1 307 Temporary Redirect Server: squid/4.3 Mime-Version: 1.0 Date: Tue, 16 Oct 2018 12:01:41 GMT Content-Type:

Re: [squid-users] deny_info and squid's own IP address?

2018-05-02 Thread Amish
On Wednesday 02 May 2018 09:11 PM, Amos Jeffries wrote: On 03/05/18 03:01, Amish wrote: But the code in Format.cc looks complicated than simple one line: case LFT_LOCAL_LISTENING_IP: { // avoid logging a dash if we have reliable info const bool interceptedAt

Re: [squid-users] deny_info and squid's own IP address?

2018-05-02 Thread Amos Jeffries
On 03/05/18 03:01, Amish wrote: > On Wednesday 02 May 2018 10:05 AM, Amos Jeffries wrote: >> On 02/05/18 16:20, Amish wrote: >>> Does request->masterXaction->tcpClient->local hold Squid IP in case of >>> intercepted traffic too? >> The listening address (if any) will be in >> request->masterXaction-

Re: [squid-users] deny_info and squid's own IP address?

2018-05-02 Thread Amish
On Wednesday 02 May 2018 10:05 AM, Amos Jeffries wrote: On 02/05/18 16:20, Amish wrote: Does request->masterXaction->tcpClient->local hold Squid IP in case of intercepted traffic too? The listening address (if any) will be in request->masterXaction->squidPort->listenConn->local instead. It has n

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amos Jeffries
On 02/05/18 16:20, Amish wrote: > > Does request->masterXaction->tcpClient->local hold Squid IP in case of > intercepted traffic too? The listening address (if any) will be in request->masterXaction->squidPort->listenConn->local instead. It has no relation to the client TCP connection and may be :

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amish
On Tuesday 01 May 2018 07:47 PM, Amos Jeffries wrote: On 01/05/18 23:10, Amish wrote: On Tuesday 01 May 2018 02:41 PM, Amos Jeffries wrote: On 01/05/18 19:44, Amish wrote: Hello, First of all, thanks a lot for taking your time out for replying to my query. My replies are inline. On Tuesday 01

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amos Jeffries
On 01/05/18 23:10, Amish wrote: > On Tuesday 01 May 2018 02:41 PM, Amos Jeffries wrote: >> On 01/05/18 19:44, Amish wrote: >>> Hello, >>> >>> First of all, thanks a lot for taking your time out for replying to my query. >>> >>> My replies are inline. >>> >>> On Tuesday 01 May 2018 09:10 AM, Amos Jeffrie

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amish
On Tuesday 01 May 2018 02:41 PM, Amos Jeffries wrote: On 01/05/18 19:44, Amish wrote: Hello, First of all, thanks a lot for taking your time out for replying to my query. My replies are inline. On Tuesday 01 May 2018 09:10 AM, Amos Jeffries wrote: On 01/05/18 00:54, Amish wrote: Hello I have 2

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amos Jeffries
On 01/05/18 19:44, Amish wrote: > Hello, > > First of all, thanks a lot for taking your time out for replying to my query. > > My replies are inline. > > On Tuesday 01 May 2018 09:10 AM, Amos Jeffries wrote: >> On 01/05/18 00:54, Amish wrote: >>> Hello >>> >>> I have 2 LAN interfaces on squid box, say

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amish
Hello, First of all, thanks a lot for taking your time out for replying to my query. My replies are inline. On Tuesday 01 May 2018 09:10 AM, Amos Jeffries wrote: On 01/05/18 00:54, Amish wrote: Hello I have 2 LAN interfaces on squid box, say department A (192.168.1.1/24) and department B (192.168.

Re: [squid-users] deny_info and squid's own IP address?

2018-04-30 Thread Amos Jeffries
On 01/05/18 15:40, Amos Jeffries wrote: > On 01/05/18 00:54, Amish wrote: >> Hello >> >> I have 2 LAN interfaces on squid box, say department A (192.168.1.1/24) >> and department B (192.168.2.1/24) >> >> I have a few banned sites. Say Facebook. >> >> I have HTTP server (running on same server as squ

Re: [squid-users] deny_info and squid's own IP address?

2018-04-30 Thread Amos Jeffries
On 01/05/18 00:54, Amish wrote: > Hello > > I have 2 LAN interfaces on squid box, say department A (192.168.1.1/24) > and department B (192.168.2.1/24) > > I have a few banned sites. Say Facebook. > > I have HTTP server (running on same server as squid) which shows custom > pages with custom logo b

Re: [squid-users] deny_info

2017-11-16 Thread Alex Rousskov
On 11/16/2017 12:52 AM, Vieri wrote: > From: Amos Jeffries >> Because there are actually no custom deny_info attached to that >> "denied_restricted1_mimetypes_rep" ACL. > Right. I don't know how I missed that. Sorry. FWIW, I recommend avoiding "denied", "allowed", and similar prefixes in ACL

Re: [squid-users] deny_info

2017-11-15 Thread Vieri
From: Amos Jeffries > > Because there are actually no custom deny_info attached to that > "denied_restricted1_mimetypes_rep" ACL. Right. I don't know how I missed that. Sorry. Thanks again. Vieri ___ squid-users mail

Re: [squid-users] deny_info

2017-11-15 Thread Amos Jeffries
On 14/11/17 22:46, Vieri wrote: Hi, I'm trying to figure out how to correctly handle ERROR pages (or deny pages) in one particular case. An HTTP client is trying to access a website as https://example.org/. I'm getting the following info in cache.log: 2017/11/14 09:11:11.481 kid1| 85,2| clie

Re: [squid-users] Deny_Info

2017-02-02 Thread Amos Jeffries
On 3/02/2017 3:16 a.m., creditu wrote: > I have seen the use of deny_info done a few ways in regard to the > placement of the http_access line: > > acl www dstdomain www.example.com > > deny_info http://www.other.com www > http_access deny www > > Or > > http_access deny www > deny_info http:/

Re: [squid-users] deny_info / url_rewrite_program

2015-12-02 Thread Amos Jeffries
On 2/12/2015 3:17 a.m., Jens Kallup wrote: > Hello, > > below, a Perl script that works for me - it redirects the > URL in browser; when I type in "web.de" the result is > "www.freenet.de". > But the browser doesn't connect to www.freenet.de, > it shows me an Error: redirect-error - this problem can

Re: [squid-users] deny_info / url_rewrite_program

2015-12-01 Thread Jens Kallup
Hello, below, a Perl script that works for me - it redirects the URL in browser; when I type in "web.de" the result is "www.freenet.de". But the browser doesn't connect to www.freenet.de, it shows me an Error: redirect-error - this problem can be, when Cookies deactivated or denied. (iceweasel - fir

Re: [squid-users] deny_info / url_rewrite_program

2015-11-30 Thread Amos Jeffries
On 1/12/2015 10:10 a.m., Jens Kallup wrote: > Hi, > > next, the output, followed by the config snippet, the perl script is fixed, > but doesn't work - squid shows only Error - Access Denied ... > > # squid config: > auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth > /sap/squid/pa

Re: [squid-users] deny_info / url_rewrite_program

2015-11-30 Thread Eliezer Croitoru
Did you test your helper in normal command line? It seems that your helper does something wrong. Before you run to try and make squid understand your helper make sure you understand what it actually does for you. I am unsure if you don't understand what STDIN\OUT\ERR means or do you actually

Re: [squid-users] deny_info / url_rewrite_program

2015-11-30 Thread Jens Kallup
Hi, next, the output, followed by the config snippet, the perl script is fixed, but doesn't work - squid shows only Error - Access Denied ... 2015/11/30 22:00:14.168 kid1| Process Roles: worker 2015/11/30 22:00:14.168 kid1| With 65536 file descriptors available 2015/11/30 22:00:14.168 kid1| Initia

Re: [squid-users] deny_info / url_rewrite_program

2015-11-30 Thread Antony Stone
On Monday 30 November 2015 at 19:00:14, Jens Kallup wrote: > Hello, > > I have tried a "url_rewrite_program" that should redirect a page, > that content is filtered / changed. > I add 2 lines to config: > > url_rewrite_program /sap/squid/rewrite.pl > #deny_info http://www.freenet.de !mysql_blocker