RE: [squid-users] Custom error page based on IP.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 9 Apr 2009 16:18:03 +1200 (NZST)

> Sorry for the somewhat large delay in replying to you, I have been on
> longish term sick.
> However I've just returned and have sussed this out.
>
> Firstly I added the following rules to squid.conf.
>
> acl swan src 123.45.0.0/16 # The campus subnet, which was
> already defined in squid.conf
> .....
> deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in
> swan subnet then instantiate error page
> acl www dst 123.45.67.89 # campus www server holding the
> instruction page
> http_access allow www !swan # allows access to web server from
> IP's that are outside of swan subnet
> http_access deny !swan # deny src IP's outside the swan
> subnet.
>
> Then created a custom error file (ERR_EXTERNAL_IP) which contains a
> redirect to the page on the campus webserver.
>
> If you don't allow the access to the campus web server, you get a
> recursive deny and all gets a bit messy.

NP: the line above "deny_info ERR_EXTERNAL_IP not swan"
 should be configured as:
  deny_info ERR_EXTERNAL_IP swan

Unless the ERR_EXTERNAL_IP is generating the redirect to include various
of the Squid % error page codes it can be replaced further with:
  deny_info http://internal.server/errorpage.html swan

Amos

>
> Simples!
>
> Cheers,
> Jezz.
>
>
>> -----Original Message-----
>> From: John Doe [mailto:jdmls_at_yahoo.com]
>> Sent: 13 February 2009 09:58
>> To: Palmer J.D.F.
>> Subject: Re: [squid-users] Custom error page based on IP.
>>
>>
>> From: Palmer J.D.F. <J.D.F.Palmer_at_swansea.ac.uk>
>> > Is it possible to have a custom error page that is displayed only
>> when a
>> > client machine tries to connect to our squid caches from outside our
>> > subnet?
>> >
>> > We have a lot of users & visitors that use their machines on site,
>> but
>> > also off site on other networks; occasionally these users try to
>> proxy
>> > via our cache from off site networks outside our subnet; we have
> acls
>> in
>> > place that prevent remote proxying, but as it is they just get an
>> Access
>> > Denied error.
>> > If possible I'd like to replace this error with an explanation and
>> > instructions on how to re-configure their browser.
>> >
>> > As far as I can tell the same Access Denied error
> (ERR_ACCESS_DENIED)
>> is
>> > displayed for a multitude of reasons, hence not viable to just edit
>> the
>> > existing error; is it possible to have a different error just for
>> this
>> > scenario?
>>
>> Maybe you could use url rewrites to forward them to a specific web
> page
>> that would explain why they cannot use the proxy from outside...
>>
>> JD
>>
>>
>>
>
>
Received on Thu Apr 09 2009 - 03:18:05 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 10 2009 - 12:00:02 MDT