Name
deny_info
Synopsis
This directive allows you to show specific error messages to users when a request matches certain ACL elements. This is more informative than sending a generic “access denied” error message, as happens by default.
When Squid checks its access control rules to see whether or not a particular request is allowed or denied, it remembers the ACL element that causes the search to terminate. You can use these ACL element names in a deny_info line to correlate error messages with a specific request characteristic. Consider, for example, this configuration:
acl Unsafe_Ports 7 9 19 22 23 25 53 109 110 119 ... http_access deny Unsafe_Ports ... deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports
When a user makes a request to an origin server on one of the ports listed in the Unsafe_Ports ACL, Squid denies the request. Furthermore, Squid generates an error message from the ERR_PORT_IS_UNSAFE file, found in the error_directory directory.
Alternatively, you can specify a URI instead of an error message template. In this case, Squid sends an HTTP 302 (Moved Temporarily) redirect to the given URI.
Finally, if you specify TCP_RESET
as the error message template,
Squid closes the client’s connection in a way that generates a TCP
reset.
Syntax | deny_info |
Default | No default |
Example | deny_info ERR_PORT_IS_UNSAFE Unsafe_Ports |
Related | error_directory, acl |
Get Squid: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.