Usually there are more clear errors or indications giving some hint of the issue but this time none. Why do the Avengers have bad radio discipline? We can probably remove the security sensitive flag on the other bug. are these reverse-proxy https_port requests? have a peek at this web-site
If it can > send the status back, then it too will work. > Amos Thanks for responding so quickly, but how would I use that code to get my error squid.conf snippets: Code: acl localnet src 10.1.1.0/24 acl SSL_ports port 563 1025-65535 acl SSL_ports port 443 # https acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Here's what Konquerror says about the situation: > > The requested operation could not be completed > > Timeout Error > > Details of the Request: > > URL: https://www.google.com/search?q=test&ie=UTF-8 Protocol: That's very strange.
I have tried editing the error message in the file on the sever, restarting squid but it still displays the same old message. Which can be a problem when you are changing protocols. 303 is probably your best bet for CONNECT. Chrome blocks all these responses from proxies (including the redirects). If I do it under IE 8, I still get the > > same message (even with browser restart): > > ---- > > Internet Explorer cannot display the webpage >
If needed, you can make a copy and re-write the error message template files in any version. Comment 12 Adam Barth 2009-05-27 22:08:58 PDT > That said, how did chrome and IE8 fix this issue? The 307 status code was created for non-GET redirects. Squid Error_directory mnfjzog Linux - General 1 11-14-2003 05:01 PM Displaying custom error pages charliecb2 Linux - Newbie 1 03-09-2002 08:20 AM All times are GMT -5.
You can at least map 403 to a new error code that means "the proxy blocked connection to the website" in nsHttpChannel::ProcessFailedSSLConnect. Squid Deny_info WIth 307 they are supposed to repeat the CONNECT to the new address. So they disabled > it. > The 307 status code was created for non-GET redirects. I'm not familiar with squid reverse proxy setup for a SSL backend, but from the documentation, looks like you need to use the same name in cache_peer_access as the one defined
Tail of /var/logs/cache.log: Code: Every 2.0s: tail /var/logs/cache.log Wed Jun 20 04:22:37 2012 Y29t -----END SSL SESSION PARAMETERS----- 2012/06/20 04:22:33| Failed to select source for 'http://demo.oursite.com/' 2012/06/20 04:22:33| always_direct = 0 Squid Error_directory Example That's what we do in all other redirect cases so that's what i'd think is the safest thing to do. If we must map all proxy answers to a single boilerplate, can't we at least make it truthful (such as "Proxy returned an error, but unfortunately we cannot display it due Just a direct connection from browser to host via ssl/tls. > > And no, I still don't have squid working for https..
to Squid the way it does for http://...., different protocols after all . Comment 5 Jason Duell [:jduell] (needinfo me) 2009-05-26 15:29:39 PDT Reopening this bug. How To Change Squid Error Message I've poked around at this, and the idea I've got is to 1) keep the existing channel, but change its target URI from the original requested URI (paypal.com, etc.) to the Squid Error Page Location Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Amos FredB Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: Denied pages for HTTPS requests > Oh great. Check This Out Jonas, that's what we'd have to do if we go the redirect route, yes. Squid is fully transparent (or > that's the idea anyway) i.e. Search this Thread 06-20-2012, 12:39 AM #1 4Paul4 Member Registered: Jul 2011 Posts: 51 Rep: Squid custom error pages I am trying to setup a customer error page for Squid Custom Error Page Example
Check your Internet > > connection > > > > Retype the address. > > > > Go back to the previous page. Good to know they screwed it up somehow. IE would visit the page but would whine about certificates not matching, which it should. Source IE 8, Safari, and Chrome all display boilerplate error pages. (See the paper mentioned in bug 479880 to see why everyone is treating HTTPS proxy replies with a 10-foot pole now.)
Can you explain why it makes sense to respect a 302 and not a 403? Stylesheet For Squid Error Pages Most of the times the users are confused with blank page. With squid all https connections I've > tried fail.
Squid *is* sending the error page response back. May be ASCII-formatted. Any ideas? Squid Redirect Error Page Am I missing something related to SSL > which is mandatory nowadays?
Many of the browsers > simply > reject anything other than successful tunnel opening. Introduction to Linux - A Hands on Guide This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started Thank you." Vonlanthen, Elmar Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ RE: "Access denied" pages for HTTPS requests Hello http://cpresourcesllc.com/squid-error/squid-error-message-location.php Do any other browsers give more information?
If I attempt to connect via http outside of the whitelist, I get the custom error page and the following appears in the /var/logs/cache.log: Code: 2012/06/22 00:04:49| Failed to select source And you think that render proxy answer is more dangerous than redirect user to another site? cache_mem 256 MB icp_access allow localnet And in addition to help to solve the issue I'd appreciate very much if there are improvements that can and should be made to the Amos FredB Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: Denied pages for HTTPS requests > WIth 307 they