RE: [squid-users] "Access denied" pages for HTTPS requests

From: Vonlanthen, Elmar <Elmar.Vonlanthen_at_united-security-providers.ch>
Date: Mon, 15 Nov 2010 17:14:49 +0100

Hello

> This is a Internet Explorer setting under "Internet Options
> -> Advanced
> -> Browsing" called "Show Friendly HTTP Error messages",
> disable this to
> get the real error messages.

This is not working for me. If I do it under IE 8, I still get the same
message (even with browser restart):

----
   Internet Explorer cannot display the webpage 
   
   What you can try: 
     You are not connected to the Internet. Check your Internet
connection  
 
     Retype the address.  
 
     Go back to the previous page.  
 
   Most likely causes:
*You are not connected to the Internet.
*The website is encountering problems.
*There might be a typing error in the address.
 
     More information
----
And it would not be a feasible solution, because I cannot control the
clients settings.
But I think this cannot work, because the client is not trying to get
the website with a GET request but with a CONNECT request. So Squid is
not able to send the errorpage back. Or am I wrong?
I have tried with ssl_bump.
I don't want to break allowed SSL connections. So my aproach was to use
ssl_bump only for denied websites. But even then I have the same
problem. IE cannot display the "Access denied" page (with HTTP it is
working).
If I add the option "deny_info" and define a redirection page, it is
working with firefox, but with IE or Chrome I have sill no success.
Chrome is displaying this error: 
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown Error.
Any other ideas?
> ALSO, if you are trying to simply block facebook, create a 
> dstdomain ACL instead, and don't forget to include fbcdn.net.
You are right, thanks.
Best regards
Elmar

Received on Mon Nov 15 2010 - 16:14:56 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 16 2010 - 12:00:03 MST