deny_info
| deny_info |
This directive allows you to show specific error messages to users when a request matches certain ACL elements. This is more informative than sending a generic "access denied" error message, as happens by default.
When Squid checks its access control rules to see whether or not a particular request is allowed or denied, it remembers the ACL element that causes the search to terminate. You can use these ACL element names in a deny_info line to correlate error messages with a specific request characteristic. Consider, for example, this configuration:
acl Unsafe_Ports 7 9 19 22 23 25 53 109 110 119 ... http_access deny Unsafe_Ports ... deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports
When a user makes a request to an origin server on one of the ports listed in the Unsafe_Ports ACL, Squid denies the request. Furthermore, Squid generates an error message from the ERR_PORT_IS_UNSAFE file, found in the error_directory directory.
Alternatively, you can specify a URI instead of an error message template. In this case, Squid sends an HTTP 302 (Moved Temporarily) redirect to the given URI.
Finally, if you specify TCP_RESET as the error message template, Squid closes the client's connection in a way that generates a TCP reset.
|
Syntax |
deny_info error-page-name|URI acl-name |
|
Default |
No default |
|
Example |
deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports |
|
Related |
error_directory, acl |
