Bug #8827

open

Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.

Added by Steve Wheeler over 5 years ago. Updated over 2 years ago.

Status: New
Priority: Normal
Assignee: Viktor Gurov
Category: squidguard
Target version: -
Start date: 08/24/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture: All

Description

Squid is running in bump mode, though that should not affect this.

When configuring Common or Group ACLs, or applying the redirect to a specific target category, setting the redirect modes 'redirect' and 'err page' results in a bad URL being passed to the client.

If an https URL is entered the resulting client error is:

The following error was encountered while trying to retrieve the URL: https://https/*
Unable to determine IP address from host name https

Choosing redirect mode 'url move' which sends a 301 to the client allows the error page to be shown as expected.

Actions #1

Updated by Viktor Gurov over 3 years ago

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

See https://forum.netgate.com/topic/119092/the-following-error-was-encountered-while-trying-to-retrieve-https-http/10
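
A lint for the workaround in comment #1, as an added example that is not part of the original thread or the pfSense package: it reads Squid custom options and reports whether CONNECT requests would still be handed to squidGuard, because url_rewrite_access rules are first-match and the deny line only helps when it precedes allow all. The function name, the sample configs and the one-directive-per-line layout are assumptions.

```python
# Added example: lint for the url_rewrite_access workaround in comment #1.
# Assumes one directive per line and that the ACL named CONNECT means
# "method CONNECT", as in Squid's default configuration.
# connect_verdict and the sample configs below are hypothetical names.

def connect_verdict(conf_text):
    """Say whether CONNECT requests reach the URL rewriter (squidGuard).

    Returns 'denied', 'allowed' or 'unknown'. Squid checks the
    url_rewrite_access rules top to bottom and stops at the first rule
    whose ACLs all match the request.
    """
    rules = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) >= 3 and fields[0] == "url_rewrite_access":
            if fields[1] in ("allow", "deny"):
                rules.append((fields[1], fields[2:]))
    if not rules:
        return "allowed"  # with no rules, every request goes to the rewriter
    for action, acls in rules:
        if "!CONNECT" in acls or "!all" in acls:
            continue  # this rule can never match a CONNECT request
        if all(acl in ("CONNECT", "all") for acl in acls):
            return "denied" if action == "deny" else "allowed"
        return "unknown"  # outcome depends on ACLs this lint cannot evaluate
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "allowed" if rules[-1][0] == "deny" else "denied"


# Constructed sample inputs (not taken from any real system).
AS_POSTED = "url_rewrite_access deny CONNECT\nurl_rewrite_access allow all\n"
REVERSED = "url_rewrite_access allow all\nurl_rewrite_access deny CONNECT\n"
ABSENT = "# custom options without any rewrite rules\nhttp_port 3128\n"

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED),
                       ("reversed order", REVERSED),
                       ("workaround absent", ABSENT)):
        print(f"{name}: CONNECT to rewriter is {connect_verdict(conf)}")
```

A verdict of 'allowed' or 'unknown' means CONNECT requests may still be passed to the rewriter, which is the condition the workaround in comment #1 is meant to remove.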

Actions #3

Updated by Jim Pingle about 3 years ago

  • Status changed from New to Pull Request Review

Actions #4

Updated by Renato Botelho about 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #5

Updated by Azamat Khakimyanov over 2 years ago

  • Status changed from Feedback to Assigned

Tested on 21.05_p2

With redirect mode 'ext url redirect' I still got
The following error was encountered while trying to retrieve the URL: https://https/*
Unable to determine IP address from host name "https"
The DNS server returned:
Name Error: The domain name does not exist.
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
Your cache administrator is admin@localhost.

so this bug is not solved.

For example, 'mts.ru' was inside one of the Target Categories with 'ext url redirect' to 'orange.com', and I got this output for

echo "http://www.mts.ru 172.16.130.101/ - - GET" | squidGuard -d

2021-12-21 15:58:32 [76797] New setting: logdir: /var/squidGuard/log
2021-12-21 15:58:32 [76797] New setting: dbhome: /var/db/squidGuard
2021-12-21 15:58:32 [76797] init domainlist /var/db/squidGuard/G_to_Ya/domains
2021-12-21 15:58:32 [76797] loading dbfile /var/db/squidGuard/G_to_Ya/domains.db
2021-12-21 15:58:32 [76797] init domainlist /var/db/squidGuard/BlockMobiles/domains
2021-12-21 15:58:32 [76797] loading dbfile /var/db/squidGuard/BlockMobiles/domains.db
2021-12-21 15:58:32 [76797] init domainlist /var/db/squidGuard/AnotherSites/domains
2021-12-21 15:58:32 [76797] loading dbfile /var/db/squidGuard/AnotherSites/domains.db
2021-12-21 15:58:32 [76797] init domainlist /var/db/squidGuard/squidstatus/domains
2021-12-21 15:58:32 [76797] loading dbfile /var/db/squidGuard/squidstatus/domains.db
2021-12-21 15:58:32 [76797] squidGuard 1.4 started (1640102312.802)
2021-12-21 15:58:32 [76797] squidGuard ready for requests (1640102312.802)
2021-12-21 15:58:32 [76797] source not found
2021-12-21 15:58:32 [76797] no ACL matching source, using default
2021-12-21 15:58:32 [76797] Request(default/BlockMobiles/-) http://www.mts.ru 172.16.130.101/- - - REDIRECT
OK rewrite-url="https://orange.com"
2021-12-21 15:58:32 [76797] squidGuard stopped (1640102312.802)

P.S. Option 'ext url move' works with no problem

Actions #6

Updated by Viktor Gurov over 2 years ago

  • Status changed from Assigned to New

This bugfix is reverted in #11738

Actions #7

Updated by Viktor Gurov over 2 years ago

  • Affected Version deleted (2.4.3_1)