Confused "deny_info" logic

From: <P.Lister@dont-contact.us>
Date: Fri, 03 Jan 97 15:59:20 +0000

I can't make sense of the deny_info description...

# This can be used to return a HTTP redirect for requests which
# do not pass the 'http_access' rules. A single ACL will cause
# the http_access check to fail. If a 'deny_info' line exists
# for that ACL then Squid returns a redirect to the given URL.

As I understand it, a request is refused on the basis of an
http_access *rule*, which consists of a boolean expression made up of
ACLs.

The rule and its acls...

acl cranfield src 138.250.0.0/255.255.0.0
acl rmcs src 193.63.247.0/255.255.255.0
acl hypernews urlpath_regex ^/hypernews

http_access deny hypernews !cranfield !rmcs

This denies access to /hypernews* for non-local users: but how do I
define the deny_info line for "that ACL"? This doesn't seem to have an
effect...

deny_info http://www.cranfield.ac.uk/forbidden-hypernews.html hypernews
!cranfield !rmcs

What am I doing wrong (or is this line theoretically right).

As a matter of personal taste, I'd prefer the http_access arguments to
consist of exactly one ACL and an error message, combined with the
ability to define ACLs as Boolean expressions of other ACLs. There
would a default pseudo-acl to catch all the unspecified conditions.

Ideally, I'd like to generate a real error message (code 400) as
opposed to a location header, as this runs the risk that an "error
message" specified as a Location header can become cached as
apparently real data.

Peter Lister Email: p.lister@cranfield.ac.uk
Computer Centre, Cranfield University Voice: +44 1234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK Fax: +44 1234 751814
------------------------------------------------------------------------
     (1) "Yes" (2) "No" (3) "That would be an ecumenical matter"
------------------------------------------------------------------------
Received on Fri Jan 03 1997 - 08:09:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:59 MST