To deny access, and use deny_info you should be using http_access deny ... something like this should work I think
http_access allow auth_hosts quota http_access deny auth_hosts deny_info ERR_NO_AUTH quota deny_info ERR_NO_QUOTA auth_hosts or rearranged to make more sense in deny_info http_access deny auth_hosts ldap_auth !quota http_access allow auth_hosts ldap_auth deny_info ERR_NO_AUTH ldap_auth deny_info ERR_NO_QUOTA quota Note: deny_info for "login failed" is a special case. It is the only case where requests can be denied by a acl element in the middle of any http_access line. In all other cases only the last acl element on of a "http_access deny" line can deny access. Regards Henrik "Piccoli, Lucio" wrote: > > hi all, > > I am trying to differentiate between the authentication and authorisation > errors. But i can't seem to distinguish between an error generated by the > external_acl return 'ERR' and the auth_proxy returns 'ERR'. Both errors > become ERR_NO_AUTH. I would have thought that the authentication failing > would generate a separate error to the authorisation. Is this possible? > > Any help is most appreciated > > [snip of config] > > external_acl_type quota_acl ttl=900 %LOGIN > /usr/local/squid/libexec/quota_acl > auth_param basic program /usr/local/squid/libexec/squid_ldap_auth > > acl quota external quota_acl > acl ldap_auth proxy_auth REQUIRED > > http_access deny bannedsites > http_access deny !quota > http_access deny !ldap_auth > > http_access allow externalnets > http_access allow no_auth_hosts > http_access allow auth_hosts quota ldap_auth > > # the error page > deny_info ERR_NO_QUOTA ldap_auth > deny_info ERR_BANNED bannedsites > deny_info ERR_NO_AUTH quota > > -lp > > > http_access works by which acl the request was denied by, not which > > acl the request was allowed by... > > > > I think you want > > > > http_access deny !quota > > > > Regards > > Henrik > > > > > > On Tuesday 28 January 2003 03.59, Piccoli, Lucio wrote: > > > hi all, > > > > > > I have having trouble configuring the custom error pages for when > > > my external_acl program returns 'ERR'. No matter what i set i > > > always get the standard 'access denied' error page. > > > > > > external_acl_type quota_acl ttl=900 %LOGIN > > > /usr/local/squid/libexec/quota_acl > > > acl quota external quota_acl > > > http_access allow quota > > > # the error page > > > deny_info ERR_NO_AUTH quota > > > > > > Q.What config is required to display my custom page when the > > > external_acl fails? > > > > > > I guess one mechanism is to edit the 'access denied' error page > > > which i assume is used fo many types of error. > > > > > > any ideas? > > > > > > -lucio piccoli > > > ------------------------- > > > QCOM Australia Pty Ltd > > > ph +61 7 3858 6256 > >
