Re: [squid-users] outright deny

From: Chris Robertson <[email protected]>
Date: Tue, 28 Mar 2006 11:22:59 -0900

Geoff Varney wrote:

>Chris,
>I'm glad I saw this post today as I also would like to just get rid of the
>authentication prompt when as user attempts to use the Web when listed in my
>denied_users ACL. It works perfectly as you said when adding "all" to the
>end of the http_access deny statement.
>
>However, now I'd like to use a custom error page when this occurs. Instead
>of the stock "Access Denied" page and its reasons, I made one that tells the
>user the reasons why their access may be denied (no AUP signed or
>inappropriate use, etc.) This works perfectly when my squid.conf is like
>this:
>
>acl denied_users proxy_auth_regex -i '/etc/squid/denied_users'
>deny_info ERR_USER_ACCESS_DENIED denied_users
>http_access deny denied_users
>
>but if I do this:
>
>acl denied_users proxy_auth_regex -i '/etc/squid/denied_users'
>deny_info ERR_USER_ACCESS_DENIED denied_users
>all
>
>then the normal ERR_ACCESS_DENIED error page comes up. Is there a way to
>make this work (custom error message) while NOT prompting the user for
>authorization?
>
>I guess I could modify the ERR_ACCESS_DENIED but I don't want to confuse
>things if it comes up for some other reason other than being part of the
>denied_users ACL. I suppose I could just ADD to the current error page info
>that would help the user understand what's going on...
>
>Thanks,
>Geoff
>
>
>
Make a new ACL...

ACL auth_deny_all src 0.0.0.0

...change your deny_info...

deny_info ERR_USER_ACCESS_DENIED denied_users

...and you should be set.

http_access deny denied_users auth_deny_all

...will block users without re-prompting for authentication, and give
the custom error message.

Chris
Received on Tue Mar 28 2006 - 13:23:37 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST