squid-cache.org

	Usage:   deny_info err_page_name acl
	or       deny_info http://... acl
	or       deny_info TCP_RESET acl

	This can be used to return a ERR_ page for requests which
	do not pass the 'http_access' rules.  Squid remembers the last
	acl it evaluated in http_access, and if a 'deny_info' line exists
	for that ACL Squid returns a corresponding error page.

	The acl is typically the last acl on the http_access deny line which
	denied access. The exceptions to this rule are:
	- When Squid needs to request authentication credentials. It's then
	  the first authentication related acl encountered
	- When none of the http_access lines matches. It's then the last
	  acl processed on the last http_access line.

	NP: If providing your own custom error pages with error_directory
	    you may also specify them by your custom file name:
	    Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys

	Alternatively you can tell Squid to reset the TCP connection
	by specifying TCP_RESET.

	Or you can specify an error URL or URL pattern. The browsers will
	get redirected (302) to the specified URL after formattgin tags have
	been replaced.

	URL FORMAT TAGS:
		%a	- username (if available. Password NOT included)
		%B	- FTP path URL
		%e	- Error number
		%E	- Error description
		%h	- Squid hostname
		%H	- Request domain name
		%i	- Client IP Address
		%M	- Request Method
		%o	- Message result from external ACL helper
		%p	- Request Port number
		%P	- Request Protocol name
		%R	- Request URL path
		%T	- Timestamp in RFC 1123 format
		%U	- Full canonical URL from client
			  (HTTPS URLs terminate with *)
		%u	- Full canonical URL from client
		%w	- Admin email from squid.conf
		%%	- Literal percent (%) code