Search code examples
proxyconfigurationhttp-proxysquidicap

How to configure Squid to return custom error pages based on result of eCAP adapters?

The eCAP adapter is configured in squid.conf as:

acl bypass_scan_types_req req_mime_type -i ^text/     
acl bypass_scan_types_req req_mime_type -i ^application/x-javascript 
acl bypass_scan_types_req req_mime_type -i ^application/x-shockwave-flash  
acl bypass_scan_types_req req_mime_type -i ^image/ 
acl bypass_scan_types_req req_mime_type -i ^video     
acl bypass_scan_types_req req_mime_type -i ^audio 

acl bypass_scan_types_req req_mime_type -i ^.*application\/x-mms-framed.*$
acl bypass_scan_types_rep rep_mime_type -i ^text/ 
acl bypass_scan_types_rep rep_mime_type -i ^application/x-javascript 
acl bypass_scan_types_rep rep_mime_type -i ^application/x-shockwave-flash 
acl bypass_scan_types_rep rep_mime_type -i ^image/ 
acl bypass_scan_types_rep rep_mime_type -i ^video 
acl bypass_scan_types_rep rep_mime_type -i ^audio 
acl bypass_scan_types_rep rep_mime_type -i ^.*application\/x-mms-framed.*$

loadable_modules /usr/local/lib/ecap_clamav_adapter.so 

ecap_service clamav_service_req reqmod_precache uri=ecap://e-cap.org/ecap/services/clamav?mode=REQMOD bypass=off 
ecap_service clamav_service_resp respmod_precache uri=ecap://e-cap.org/ecap/services/clamav?mode=RESPMOD bypass=on 

adaptation_access clamav_service_req allow !bypass_scan_types_req all 
adaptation_access clamav_service_resp allow !bypass_scan_types_rep all

In case of virus detection, adapter returns some virus details and Squid produce default error page. I want to display custom error page instead of default one.

I tried by adding deny_info but I don't know exactly how to specify acl in this case. The deny_info I tried is as:

deny_info custom_error.html <my_acl_here>

Where custom_error.html is exist at ~/ecap/squid-XXXX/errors/en/. For now, I am not looking for virus details on error page, it could be any static page.

Thanks in advance!

Solution

  • I found the solution as:

    Create a page at /usr/local/squid/share/errors/templates/ERR_ANY_NAME. Then add following line at the end of squid.conf:

    deny_info ERR_ANY_NAME clamav_service_req

    The clamav_service_req is same as given in ecap_service directive and ERR_ANY_NAME is a custom page to display.