Re: [squid-users] howto define an custom error page, when icap server returns 403 HTTP Code ?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 14 Dec 2011 10:13:52 +1300

 On Tue, 13 Dec 2011 14:12:34 +0100, Dieter Bloms wrote:
> Hello,
>
> I've configured squid 3.1.16 to use the icap reqmod and my icap virus
> scanner scans the trafic.
>
> When my icap virusscanner founds a virus it returns an empty page
> with
> HTTP 403 statuscode like (from wireshark):
>
> --snip--
> ICAP/1.0 403 Forbidden
> Server: Avira-WebGate/3.2.0
> ISTag: "03020000-08020686-070B1343"
> Encapsulated: null-body=0
> --snip--

 Ah. This is *not* an "HTTP/1.0 403" status. This is a "ICAP/1.0 403"
 status.

 It has the same description as the HTTP one. BUT, it applies only to
 the ICAP service request. Meaning the ICAP service is rejecting Squid
 permission to scan that object through that service. Completion of the
 HTTP transfer may still be possible.

  If the service was _optional_ ("bypass=yes" in squid.conf), Squid
 might try alternatives services or skip the scanning entirely.

  If the service was mandatory ("bypass=no" in squid.conf), Squid will
 produce a different HTTP error response for the client (probably 500
 Internal Server Error, or 400 Bad Gateway).

>
> I had an idea to use http_reply_access parameter to define an acl and
> use deny_info for the error page, but I've no headerfield.
>
> Does anybody know a solution to define an custom errorpage, when the
> icapserver returns a 403 status code ?

 For ICAP operations to produce custom HTTP errors the ICAP service
 needs to respond by producing that custom HTTP error message.

 Amos
Received on Tue Dec 13 2011 - 22:13:55 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 14 2011 - 12:00:03 MST