Squid configuration directive deny_info
Available in: 3.3 3.2 3.1 2.7 3.HEAD 2.HEAD 3.0 2.6
History:
- Changes in 3.2 deny_info
-
Support URL format tags. For dynamically generated URL in denial redirect.
Support the full range of 200-599 HTTP status codes. 3xx status only available when redirecting to a URI. Other status only available when supplying an error template body.
- Changes in 3.1 deny_info
-
Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.
Configuration Details:
Option Name: | deny_info |
---|---|
Replaces: | |
Requires: | |
Default Value: | none |
Suggested Config: |
|
Usage: deny_info err_page_name acl or deny_info http://... acl or deny_info TCP_RESET acl This can be used to return a ERR_ page for requests which do not pass the 'http_access' rules. Squid remembers the last acl it evaluated in http_access, and if a 'deny_info' line exists for that ACL Squid returns a corresponding error page. The acl is typically the last acl on the http_access deny line which denied access. The exceptions to this rule are: - When Squid needs to request authentication credentials. It's then the first authentication related acl encountered - When none of the http_access lines matches. It's then the last acl processed on the last http_access line. - When the decision to deny access was made by an adaptation service, the acl name is the corresponding eCAP or ICAP service_name. NP: If providing your own custom error pages with error_directory you may also specify them by your custom file name: Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys By defaut Squid will send "403 Forbidden". A different 4xx or 5xx may be specified by prefixing the file name with the code and a colon. e.g. 404:ERR_CUSTOM_ACCESS_DENIED Alternatively you can tell Squid to reset the TCP connection by specifying TCP_RESET. Or you can specify an error URL or URL pattern. The browsers will get redirected to the specified URL after formatting tags have been replaced. Redirect will be done with 302 or 307 according to HTTP/1.1 specs. A different 3xx code may be specified by prefixing the URL. e.g. 303:http://example.com/ URL FORMAT TAGS: %a - username (if available. Password NOT included) %B - FTP path URL %e - Error number %E - Error description %h - Squid hostname %H - Request domain name %i - Client IP Address %M - Request Method %o - Message result from external ACL helper %p - Request Port number %P - Request Protocol name %R - Request URL path %T - Timestamp in RFC 1123 format %U - Full canonical URL from client (HTTPS URLs terminate with *) %u - Full canonical URL from client %w - Admin email from squid.conf %x - Error name %% - Literal percent (%) code |
|
Search
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Help Out or Donate
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
Miscellaneous
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork