[squid-users] Problem SQUID : not return a message with the 403 HTTP Code (on the SQUID 2.4STABLE7 and SQUID 2.5STABLE6)

From: <florent.beyssac@dont-contact.us>
Date: Tue, 12 Oct 2004 17:38:42 +0200

----- Réacheminé par Florent BEYSSAC/CNEDI06/CNAF le 12/10/2004 17:38 -----
|---------+--------------------------->
| | Florent BEYSSAC |
| | CNEDI06 |
| | |
| | 12/10/2004 16:57|
| | |
| | |--------------||
| | | [ ] Accusé ||
| | | de ||
| | | réceptio ||
| | | n ||
| | |--------------||
| | |--------------||
| | | [ ] Détaille ||
| | | r le ||
| | | groupe ||
| | |--------------||
|---------+--------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
  | |
  | Pour : squid-users@squid-cache.org |
  | cc : Marc TRACEZ/CNEDI06/CNAF@CNAF, Andre SEIGNON/CNEDI06/CNAF@CNAF |
  | Objet : Problem SQUID : not return a message with the 403 HTTP Code (on the SQUID 2.4STABLE7 and SQUID 2.5STABLE6) |
  | |
>------------------------------------------------------------------------------------------------------------------------------|

Our architecture proxy is:

CLIENT --> SQUID 2.4STABLE7 --> Proxy Bluecoat --> WEB
I studied the behavior of SQUID proxy with the entirety of codes HTTP. In
fact, I modified code HTTP sent by the bluecoat proxy when it sends
POLICY_DENIED page when a customer wishes to go on a pornographic site.
The POLICY_DENIED page is not forwarded to the client when code HTTP is:
304, 403, 500, 501, 502, 503, 504.

The 304 HTTP definition:

304 CODE "Not Modified":
If the client has performed a conditional GET request and access is
allowed, but the document has not been modified, the server SHOULD respond
with this status code. The 304 response MUST NOT contain a message-body,
and thus is always terminated by the first empty line after the header
fields.

With this code HTTP, it seems normal that the customer is not message
POLICY_DENIED. If I connect a customer directly on the BLUECOAT, it does
not have an answer. The SQUID reacted like IE6.

The 403 HTTP code:

On the other hand, in the RFC2616, the codes HTTP 403 can contain a message
to indicate information to the user. The SQUID on code 403 does not respect
the RFC. It posts an SQUID error message (connexion failed) without
checking that the request contains a message for the user. Can I change
this behavior?

Thank you.
Florent Beyssac.
Received on Tue Oct 12 2004 - 09:38:49 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST