RE: [squid-users] outright deny

From: Geoff Varney <geoff.varney@dont-contact.us>
Date: Tue, 28 Mar 2006 14:40:11 -0800

Thanks, Chris. As usual there's a simple answer when one has a good handle
on acls and stuff.

I did as you recommended, but the deny_info ERR_USER_ACCESS_DENIED must be
applied to the new acl (auth_deny_all) not denied_users, then it works just
as you said.

Thanks again.

Geoff

______________________________
Geoff Varney
Network Support Specialist
Educational Service District 112
Ridgefield School District
360-619-1405
geoff.varney@esd112.org

-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.net]
Sent: Tuesday, March 28, 2006 12:23 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] outright deny

Geoff Varney wrote:

>Chris,
>I'm glad I saw this post today as I also would like to just get rid of the
>authentication prompt when as user attempts to use the Web when listed in
my
>denied_users ACL. It works perfectly as you said when adding "all" to the
>end of the http_access deny statement.
>
>However, now I'd like to use a custom error page when this occurs. Instead
>of the stock "Access Denied" page and its reasons, I made one that tells
the
>user the reasons why their access may be denied (no AUP signed or
>inappropriate use, etc.) This works perfectly when my squid.conf is like
>this:
>
>acl denied_users proxy_auth_regex -i '/etc/squid/denied_users'
>deny_info ERR_USER_ACCESS_DENIED denied_users
>http_access deny denied_users
>
>but if I do this:
>
>acl denied_users proxy_auth_regex -i '/etc/squid/denied_users'
>deny_info ERR_USER_ACCESS_DENIED denied_users
>all
>
>then the normal ERR_ACCESS_DENIED error page comes up. Is there a way to
>make this work (custom error message) while NOT prompting the user for
>authorization?
>
>I guess I could modify the ERR_ACCESS_DENIED but I don't want to confuse
>things if it comes up for some other reason other than being part of the
>denied_users ACL. I suppose I could just ADD to the current error page
info
>that would help the user understand what's going on...
>
>Thanks,
>Geoff
>
>
>
Make a new ACL...

ACL auth_deny_all src 0.0.0.0

...change your deny_info...

deny_info ERR_USER_ACCESS_DENIED denied_users

...and you should be set.

http_access deny denied_users auth_deny_all

...will block users without re-prompting for authentication, and give
the custom error message.

Chris
Received on Tue Mar 28 2006 - 15:43:37 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST