Re: [squid-users] Confusing redirection behaviour

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sun, 30 Mar 2008 11:57:42 +1300

Dave Coventry wrote:
> Hi Amos,
>
> On Fri, Mar 28, 2008 at 4:26 PM, Amos Jeffries wrote:
>> Because the ACL to which you have attached the deny_info is only doing
>> an allow. You need to use it to actually deny before the deny_info will
>> work.
>>
>> Try:
>> http_access deny !lan
>
> Okay, I'll give it ago. Is that instead of "http_access allow lan"?
> It's a shame I didn't get this until after I'd left work; I'll have to
> wait until Monday, I guess.

After IMO. The allow will just let the K people through, a following
deny will block the rest with your denial page.

>
>> > url_rewrite_program to redirect to my login page. The interesting
>> > thing here is that if I redirect as follows:
>> > --
>> > print "302:http://192.168.60.254/cgi-bin/auth.cgi\n"
>> > --
>> > Then I get an error message which says "Error the requested URL could
>> > not be retrieved." as the root has been removed from the path.
>> > (see http://davec.uklinux.net/Squid3.0-HEAD.jpg )
>> >
>> > But, if I put a slash in front of the redirection URL:
>> > --
>> > print "302:/http://192.168.60.254\n"
>> > --
>> > then Squid attempts to redirect me to the originally requested URL
>> > with /http://192.168.60.254/ appended.
>> > (see http://davec.uklinux.net/Redirectionerror.jpg )
>
> Do you have any idea what's happening as regards the
> "url_rewrite_program" directive?

I think there may be something funky happening with raw-IP hostnames in
squid 2.x. It may disappear if you use a FQDN in the deny_info.

I just know I had to do a re-work in 3-HEAD to get it to handle IPv6
correctly in all use-cases where it should have been a simple drop-in.

Amos

-- 
Please use Squid 2.6STABLE19 or 3.0STABLE2
Received on Sun Mar 30 2008 - 05:23:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT