And another one:
5) If you are using a deny_info configuration for a specific acl and you are 
redirecting to a url instead of squid inernal error page you can add some query 
term that will be used as a marker to the acl.

Example of usage:
acl blacklist-acl dstdomain
deny_info http://<SOME SERVER NAME OR IP>/block_page/?url=%u&domain=%H&acl= 
blacklist-acl blacklist-acl

acl localnet src

http_access deny ! blacklist-acl
http_access allow localnet


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261

-----Original Message-----
From: squid-users [] On Behalf 
Of Alex Rousskov
Sent: Wednesday, March 14, 2018 04:33
Subject: Re: [squid-users] ACL in custom error page

On 03/13/2018 06:08 PM, Amos Jeffries wrote:
> On 14/03/18 05:46, Eduardo Carneiro wrote:
>> Hello everyone!
>> Is there any way to display, in my custom error pages, the acl that denied
>> access?
> Two things:
>  1) There is no single ACL that denied Access. There is always an entire
> sequence of checks.
> 2) The error page template code has not yet been updated to support
> generic logformat codes which do have a code for the last ACL that was
> tested (note that this may have been the one which _allowed logging_).

And two more:

3) We are working to support major logformat %codes in error pages. The
patches are going through internal review cycles right now.

4) In modern Squids, the best way to log access denial (and similar)
decisions is often via ACL-triggered annotations (rather than the old
"the last ACL touched by somebody" hack). See annotate_transaction in
squid.conf.documented. The corresponding %note logformat code should be
available in error page templates as the result of (3).


squid-users mailing list

squid-users mailing list

Reply via email to