[squid-users] How to add a banner to all (unauthenticated) pages?

Hi all,

I need to add a banner to unauthenticated groups informing them that they are using a restricted public network, while still allowing them to access the web, albeit at a slower speed via delay pools. So far, I have managed to add the banner to the pages using the redirector, a perl script and a php page that creates a frameset with the banner in the top frame, and the desired content in the main frame. Problem is that the request for the content in the main frame either gives an access denied error, or returns a blank document, or creates a whole page of repeating banners.

Any thoughts?

[squid.conf]
## redirector
acl group_restricted src 192.168.0.109 # ← redirecting only my workstation for testing purposes
redirector_access allow group_restricted
redirect_children 20
redirect_rewrites_host_header off
redirect_program /etc/squid/restricted-redirect.pl

[restricted-redirect.pl]
BEGIN { $|=1 }
if (m|restricted.html|) {
} else {
  s|http://|http://192.168.0.100/restricted.php?url=http://|;
}

[restricted.php]
<html>
        <head>
                <meta http-equiv="content-type" content="text/html; charset=UTF-8">
                <title>Restricted connection</title>
                <script>function checkTopFrame() {if (frames && frames[0] && frames[0].document) {try {frames[0].document.domain;} catch(e) {location = "/er
        </head>
        <frameset rows="100,*">
                <frame src="http://192.168.0.100/restricted.html" scrolling=no marginwidth=0 marginheight=0 onload="var d = frames[0].document;var l = d.lin
                <frame src="<?php echo $_GET["url"]?>">
                <noframes>Your browser does not support frames.
                </noframes>
        </frameset>
</html>

[squid-access.log]
1213031870.823 4 192.168.0.109 TCP_MISS/200 1293 GET http://www.microsoft.com/isapi/redir.dll? - DIRECT/192.168.0.100 text/html
1213031870.885 12 192.168.0.109 TCP_REFRESH_HIT/304 298 GET http://192.168.0.100/restricted.html - DIRECT/192.168.0.100 -
1213031870.888 3 192.168.0.109 TCP_MISS/200 1293 GET http://www.microsoft.com/isapi/redir.dll? - DIRECT/192.168.0.100 text/html
1213031882.863 1 192.168.0.109 TCP_MISS/200 1268 GET http://www.google.com/ - DIRECT/192.168.0.100 text/html

[apache-access.log]
192.168.0.100 - - [09/Jun/2008:19:17:50 +0200] "GET /restricted.php?url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HTTP/1.0" 200 961
192.168.0.100 - - [09/Jun/2008:19:17:50 +0200] "GET /restricted.html HTTP/1.0" 304 - "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Mo
192.168.0.100 - - [09/Jun/2008:19:17:50 +0200] "GET /restricted.php?url=http://www.microsoft.com/isapi/redir.dll?prd=ie HTTP/1.0" 200 961 "http://www.micros
192.168.0.100 - - [09/Jun/2008:19:18:02 +0200] "GET /restricted.php?url=http://www.google.com/ HTTP/1.0" 200 936 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win
Received on Mon Jun 09 2008 - 18:06:57 MDT