RE: [squid-users] "Access denied" pages for HTTPS requests from Vonlanthen, Elmar on 2010-11-16 (squid-users)

From: Vonlanthen, Elmar <Elmar.Vonlanthen_at_united-security-providers.ch>
Date: Tue, 16 Nov 2010 09:29:08 +0100

Hello again

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Montag, 15. November 2010 23:19
> To: Vonlanthen, Elmar
> Cc: squid-users_at_squid-cache.org
> Subject: RE: [squid-users] "Access denied" pages for HTTPS requests
>
> On Mon, 15 Nov 2010 17:14:49 +0100, "Vonlanthen, Elmar"
> <Elmar.Vonlanthen_at_united-security-providers.ch> wrote:
> > Hello
> >
> >> This is a Internet Explorer setting under "Internet Options
> >> -> Advanced
> >> -> Browsing" called "Show Friendly HTTP Error messages",
> >> disable this to
> >> get the real error messages.
> >
> > This is not working for me. If I do it under IE 8, I still get the
> > same message (even with browser restart):
> > ----
> > Internet Explorer cannot display the webpage
> >
> > What you can try:
> > You are not connected to the Internet. Check your Internet
> > connection
> >
> > Retype the address.
> >
> > Go back to the previous page.
> >
> > Most likely causes:
> > *You are not connected to the Internet.
> > *The website is encountering problems.
> > *There might be a typing error in the address.
> >
> > More information
> > ----
> >
> > And it would not be a feasible solution, because I cannot
> control the
> > clients settings.
> >
> > But I think this cannot work, because the client is not
> trying to get
> > the website with a GET request but with a CONNECT request.
> So Squid is
> > not able to send the errorpage back. Or am I wrong?
>
>
> Squid *is* sending the error page response back. However,
> there were some security vulnerabilities and at least one
> virus discovered a while back involving the way the popular
> browsers display such pages. So they disabled it.

Ok, you are right. I saw it in the tcpdump.

> The 307 status code was created for non-GET redirects. Use
> that and as the browsers gain support for it your site will
> start to work. Hopefully some may already.

How can I specify the status code?

With deny_info it seems not to be possible:
deny_info 307:http://myredirect-page

Thanks.

Best regards
Elmar

application/x-pkcs7-signature attachment: smime.p7s

Received on Tue Nov 16 2010 - 08:29:33 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 16 2010 - 12:00:03 MST