I am trying to setup a customer error page for our squid reverse proxy.
We have IP-Whitelisted some of our websites allowing potential customers to 'request a demo' after which their IP addresses will be added to the whitelist.
Case 1:
A customer visits our website (
http://demo.oursite.com) without being in the whitelist
Result:
Code:
The following error was encountered while trying to retrieve the URL: http://demo.oursite.com
Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any parent caches.... etc
(squid/3.0.STABLE26)
Case2:
Customer tries to access the following (
https://demo.oursite.com)
Result:
Site does not load for them at all. Website unavailable message generated by their browser.
Rather than seeing these results, we would like them to see our custom html file telling them to request a demo.
I have tried editing the error message in the file on the sever, restarting squid but it still displays the same old message.
Tail of /var/logs/cache.log:
Code:
Every 2.0s: tail /var/logs/cache.log Wed Jun 20 04:22:37 2012
Y29t
-----END SSL SESSION PARAMETERS-----
2012/06/20 04:22:33| Failed to select source for 'http://demo.oursite.com/'
2012/06/20 04:22:33| always_direct = 0
2012/06/20 04:22:33| never_direct = 0
2012/06/20 04:22:33| timedout = 0
2012/06/20 04:22:34| Failed to select source for 'http://demo.oursite.com/favicon.ico'
2012/06/20 04:22:34| always_direct = 0
2012/06/20 04:22:34| never_direct = 0
2012/06/20 04:22:34| timedout = 0
Two Questions:
1) I would like the same effect whether they connect through HTTPS or HTTP. Why is it not connecting at all via HTTPS and showing the error message via HTTP?
2) Other than edit the error message file, what else must I do to get the customer error message displayed?
squid.conf
Code:
#ACLS and Debug options
debug_options ALL,1 33,2 28, 9
acl publicall src 0.0.0.0/0
acl darwinsrc 1x.xx.xx.xx
acl geelong src 2x.xx.xx.xx
#SSL Setup
visible_hostname oursite.com
http_port 80 accel vhost
https_port 443 accel cert=/usr/newrprgate/CertAuth/cert.cert key=/usr/newrprgate/CertAuth/key.pem vhost defaultsite=www.oursite.com
forwarded_for on
#Demo Site
cache_peer demo.oursite.com parent 443 0 no-query originserver ssl sslversion=3 sslflags=DONT_VERIFY_PEER front-end-https=on name=demo
acl sites_demo dstdomain demo.oursite.com
cache_peer_access demo allow sites_demo darwin
cache_peer_access demo allow sites_demo geelong
cache_peer_access demo deny publicall
acl https proto https
<Other Sites Omitted>
acl https proto https
http_access allow all
access_log /var/log/squid/access.log
cache_mgr support@oursite.com