RE: [squid-users] Custom error page based on IP.

From: Palmer J.D.F. <J.D.F.Palmer_at_swansea.ac.uk>
Date: Wed, 8 Apr 2009 13:21:18 +0100

Sorry for the somewhat large delay in replying to you, I have been on
longish term sick.
However I've just returned and have sussed this out.

Firstly I added the following rules to squid.conf.

acl swan src 123.45.0.0/16 # The campus subnet, which was
already defined in squid.conf
.....
deny_info ERR_EXTERNAL_IP not swan # if client's source IP is not in
swan subnet then instantiate error page
acl www dst 123.45.67.89 # campus www server holding the
instruction page
http_access allow www !swan # allows access to web server from
IP's that are outside of swan subnet
http_access deny !swan # deny src IP's outside the swan
subnet.

Then created a custom error file (ERR_EXTERNAL_IP) which contains a
redirect to the page on the campus webserver.

If you don't allow the access to the campus web server, you get a
recursive deny and all gets a bit messy.

Simples!

Cheers,
Jezz.

> -----Original Message-----
> From: John Doe [mailto:jdmls_at_yahoo.com]
> Sent: 13 February 2009 09:58
> To: Palmer J.D.F.
> Subject: Re: [squid-users] Custom error page based on IP.
>
>
> From: Palmer J.D.F. <J.D.F.Palmer_at_swansea.ac.uk>
> > Is it possible to have a custom error page that is displayed only
> when a
> > client machine tries to connect to our squid caches from outside our
> > subnet?
> >
> > We have a lot of users & visitors that use their machines on site,
> but
> > also off site on other networks; occasionally these users try to
> proxy
> > via our cache from off site networks outside our subnet; we have
acls
> in
> > place that prevent remote proxying, but as it is they just get an
> Access
> > Denied error.
> > If possible I'd like to replace this error with an explanation and
> > instructions on how to re-configure their browser.
> >
> > As far as I can tell the same Access Denied error
(ERR_ACCESS_DENIED)
> is
> > displayed for a multitude of reasons, hence not viable to just edit
> the
> > existing error; is it possible to have a different error just for
> this
> > scenario?
>
> Maybe you could use url rewrites to forward them to a specific web
page
> that would explain why they cannot use the proxy from outside...
>
> JD
>
>
>
Received on Wed Apr 08 2009 - 12:22:27 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 09 2009 - 12:00:02 MDT