Re: access denied message and ACLs

From: Dancer <>
Date: Wed, 13 Nov 1996 10:22:17 +1100

Mark A. Crother wrote:
> I have just gotten squid up and running and now I am trying to configure
> it. I have a few of questions:
> 1. Is there a way to change the content of the "access_denied_msg"
> without having to change the source code? i.e. like having a
> access denied parameter in squid.conf that points to a URL.
> 2. For the acl command "http_access", is there a way to do a
> redirection rather than allow or deny?
> 3. Finally, are there more complete docs for the config file then
> what comes with the distribution?

Actually, re: point 1 above.

There's a message in the Squid source code that I had to change into the
source. Essentially the situation was that (alhtough we're not running
inside a firewall) we use inside_firewall to always force fetching from
the parent(s), rather than going direct (except for a small exclusion
list of domains, where direct is okay).

During recent storms (and it _is_ getting into storm-season here) the
ISDN link has been shut down at the upstream end for a greater or lesser
period of time.

The default message (wired into the source) says something like "Can't
fulfill this request, as so-and-so isn't reachable and the target host
is beyond the firewall. Your cache admin screwed up. Contact him."

Well, in my experience, not many people ever bothered to (or know how
to) check the outbound link to see if it is up or down. They read the
message, and started giving me "Hey dickhead" calls at 2:30am. My
explanation of the problem, TBH, sounded like making excuses. "Nothing
we can do...the link is shut down at the upstream end for the duration
of the storm (car accident, telecom stuff-up, etc..)..yes, I _know_ what
the message from the proxy says...yes, I _know_ it says I stuffed
up..No, I don't know when it will be back up; unlike me, they don't take
calls at this absurd hour."

And so on. So I modified the source to say something like "The upstream
link to the questnet hub is currently down. Please try again soon. If
the fault persists, see for news
and updates on system and local network status."

However, it'd be MUCH nicer to do this sort of thing in a config file.

Received on Tue Nov 12 1996 - 16:25:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:32 MST