On Tue, 13 Dec 2011 14:12:34 +0100, Dieter Bloms wrote:
> Hello,
>
> I've configured squid 3.1.16 to use the icap reqmod and my icap virus
> scanner scans the trafic.
>
> When my icap virusscanner founds a virus it returns an empty page
> with
> HTTP 403 statuscode like (from wireshark):
>
> --snip--
> ICAP/1.0 403 Forbidden
> Server: Avira-WebGate/3.2.0
> ISTag: "03020000-08020686-070B1343"
> Encapsulated: null-body=0
> --snip--
Ah. This is *not* an "HTTP/1.0 403" status. This is a "ICAP/1.0 403"
status.
It has the same description as the HTTP one. BUT, it applies only to
the ICAP service request. Meaning the ICAP service is rejecting Squid
permission to scan that object through that service. Completion of the
HTTP transfer may still be possible.
If the service was _optional_ ("bypass=yes" in squid.conf), Squid
might try alternatives services or skip the scanning entirely.
If the service was mandatory ("bypass=no" in squid.conf), Squid will
produce a different HTTP error response for the client (probably 500
Internal Server Error, or 400 Bad Gateway).
>
> I had an idea to use http_reply_access parameter to define an acl and
> use deny_info for the error page, but I've no headerfield.
>
> Does anybody know a solution to define an custom errorpage, when the
> icapserver returns a 403 status code ?
For ICAP operations to produce custom HTTP errors the ICAP service
needs to respond by producing that custom HTTP error message.
Amos
Received on Tue Dec 13 2011 - 22:13:55 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 14 2011 - 12:00:03 MST