deny_info

This directive allows you to show specific error messages to users when a request matches certain ACL elements. This is more informative than sending a generic "access denied" error message, as happens by default.

When Squid checks its access control rules to see whether or not a particular request is allowed or denied, it remembers the ACL element that causes the search to terminate. You can use these ACL element names in a deny_info line to correlate error messages with a specific request characteristic. Consider, for example, this configuration:

acl Unsafe_Ports port 7 9 19 22 23 25 53 109 110 119

...

http_access deny Unsafe_Ports

...

deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports

When a user makes a request to an origin server on one of the ports listed in the Unsafe_Ports ACL, Squid denies the request. Furthermore, Squid generates an error message from the ERR_PORT_IS_UNSAFE file, found in the error_directory directory.

Alternatively, you can specify a URI instead of an error message template. In this case, Squid sends an HTTP 302 (Moved Temporarily) redirect to the given URI.

Finally, if you specify TCP_RESET as the error message template, Squid closes the client's connection in a way that generates a TCP reset.
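
The following Python sketch is an added example, not part of the original reference or of Squid itself. It reads a squid.conf fragment and reports which response each http_access deny rule produces, assuming Squid keys deny_info on the last ACL named on the deny line; the sample configuration, its hostnames, and every ACL name other than Unsafe_Ports are constructed.

```python
# Added example (not Squid's code): map each "http_access deny" rule to the
# response deny_info selects. Assumption: the last ACL on the deny line decides.

SAMPLE_CONF = """\
# constructed sample configuration
acl Unsafe_Ports port 7 9 19 22 23 25 53 109 110 119
acl Blocked_Sites dstdomain .blocked.example
acl Scanners src 192.0.2.0/24
acl Office src 10.0.0.0/8
http_access deny Unsafe_Ports
http_access deny Office Blocked_Sites
http_access deny Scanners
http_access deny all
deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports
deny_info http://proxy.example/blocked.html Blocked_Sites
deny_info TCP_RESET Scanners
deny_info ERR_PORT_IS_UNSAFE Office
"""

def classify(target):
    """Name the kind of response a deny_info target produces."""
    if target is None:
        return "default error page"
    if target == "TCP_RESET":
        return "TCP reset"
    return "302 redirect" if "://" in target else "error template"

def deny_responses(conf_text):
    """Return (rules, unused deny_info ACL names) for a squid.conf text."""
    deny_info, deny_rules = {}, []
    for raw in conf_text.splitlines():
        words = raw.split()              # comment lines start with "#"
        if len(words) >= 3 and words[0] == "deny_info":
            deny_info[words[2]] = words[1]
        elif len(words) >= 3 and words[:2] == ["http_access", "deny"]:
            deny_rules.append(words[2:])
    rules, used = [], set()
    for acls in deny_rules:
        last = acls[-1].lstrip("!")      # a negated ACL keeps its name
        used.add(last)
        target = deny_info.get(last)
        rules.append((" ".join(acls), target, classify(target)))
    return rules, sorted(set(deny_info) - used)

if __name__ == "__main__":
    rules, unused = deny_responses(SAMPLE_CONF)
    for acls, target, kind in rules:
        print(f"deny {acls:22} -> {kind} ({target})")
    print("deny_info lines that never apply:", unused)
```

In the sample, the deny_info line for Office is reported as never applying because Office is not the last ACL on any deny rule.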

Syntax

deny_info error-page-name|URI acl-name

Default

No default

Example

deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports

Related

error_directory, acl


