Re: [squid-users] https site denial only loads a part of the defined error message from Amos Jeffries on 2009-03-26 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Mar 2009 23:44:08 +1300

Truth Seeker wrote:
> Amos,
>
> In firefox, the complete ERROR message is displaying for both http and https. But for IE, http is showing the full error message, but https is just showing the headings of the error messages.
>
> Is there any work around for this???

You will have to ask the browser developers about that. Squid is already
sending all the info it can to get the error displayed in full.

Amos

>
>
>
> --- On Wed, 3/25/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Subject: Re: [squid-users] https site denial only loads a part of the defined error message
>> To: "Truth Seeker" <truth_seeker_3535_at_yahoo.com>
>> Cc: "Squid maillist" <squid-users_at_squid-cache.org>
>> Date: Wednesday, March 25, 2009, 10:26 PM
>>>
>>> For certain groups, we are giving access to public
>> mail servers like
>>> gmail/yahoo etc based on time only. When they are
>> trying to access any
>>> http mail site, they are getting the complete error
>> message which i
>>> defined, but when they are accessing any https:// mail
>> site, they are
>>> getting the same ERROR page BUT ONLY the headings of
>> the error message.
>>> the complete contents is not displayed.
>>>
>>> The following is the acl
>>>
>>> ### Personal mail Access Policies (Yahoo/Gmail etc)
>>> acl mail_sites dstdomain
>> "/etc/squid/include-files/mail_sites.squid"
>>> http_access allow mail_sites vip_acl
>>> http_access allow mail_sites power_acl
>>> http_access allow mail_sites thursday_off_time
>> download_surfers_acl
>>> http_access allow mail_sites off_time_1
>> download_surfers_acl
>>> http_access allow mail_sites thursday_off_time
>> surfers_acl
>>> http_access allow mail_sites off_time_1 surfers_acl
>>> http_access deny mail_sites
>>> deny_info ERR_MAIL_SITES mail_sites
>>>
>>>
>>> WHy it is happening So???
>>>
>> Because HTTPS is not plain old HTTP.
>>
>> When you send HTTP back in response to a HTTPS tunnel open
>> request
>> browsers start to display their weirdness.
>>
>> You will find some browsers display the error, some do not.
>> Some will
>> display the raw HTML that came back but ignore any included
>> images/CSS
>> etc.
>>
>> This is the first I've heard of partial displays, but its
>> not entirely
>> surprising.
>>
>>
>> Amos
>>
>>
>
>
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6

Received on Thu Mar 26 2009 - 10:44:15 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 26 2009 - 12:00:02 MDT