transparent squid 2.7 and custom error pages

**fandar** · 01-09-2013

Hello,
I have configured transparent squid proxy on debian (squid 2.7) everything works OK except the custom error pages. If I setup the proxy connection in a browser then is shows squid error pages like for i.e for wrong URL but then its transparent proxy then it shows default browser error messages instead of squid one. I have read something about iptables bypass rules needs to be set but I dont how exactly howto do that. I have tried several rules but none of them seems to be working

Can somebody help me please?

Thank You

**msohail** · 01-10-2013

Originally Posted by fandar

Hello,
I have configured transparent squid proxy on debian (squid 2.7) everything works OK except the custom error pages. If I setup the proxy connection in a browser then is shows squid error pages like for i.e for wrong URL but then its transparent proxy then it shows default browser error messages instead of squid one. I have read something about iptables bypass rules needs to be set but I dont how exactly howto do that. I have tried several rules but none of them seems to be working

Can somebody help me please?

Thank You

Can you please post your squid configuration file ?
Also see to it that you allow squid proxy port in you IPTables and if firewall is of no concern then you can always flush the IP Tables with iptables -F command.

Jazak Allah,
Sohail

**fandar** · 01-10-2013

Originally Posted by msohail

Can you please post your squid configuration file ?
Also see to it that you allow squid proxy port in you IPTables and if firewall is of no concern then you can always flush the IP Tables with iptables -F command.

Jazak Allah,
Sohail

The squid configuration file is the default ONE. I have only edited
http_port 3128 transparent
and added acl allow for my network

iptables rules
nat
-A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
-A PREROUTING -i hso0 -p tcp --dport 80 -j REDIRECT --to-port 3128
-A PREROUTING -i br0 -p tcp --dport 80 -j DNAT --to 192.168.2.254:3128
filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 192.168.2.254/32 -j ACCEPT

**msohail** · 01-10-2013

Originally Posted by fandar

Hello,
I have configured transparent squid proxy on debian (squid 2.7) everything works OK except the custom error pages. If I setup the proxy connection in a browser then is shows squid error pages like for i.e for wrong URL but then its transparent proxy then it shows default browser error messages instead of squid one. I have read something about iptables bypass rules needs to be set but I dont how exactly howto do that. I have tried several rules but none of them seems to be working

Can somebody help me please?

Thank You

Let me see if I understood you correctly. When you add proxy IP on your browser, the Squid error page shows up. When you remove the settings from browser, the default browser error shows up instead of a squid, although your squid is setup as transparent; correct ?

If so, then flush the IP tables and create new firewall rules to enable transparency.

Code:

    iptables -t nat -A PREROUTING -i eth0 -s ! proxy-server-IP -p tcp --dport 80 -j DNAT --to proxy-server-IP:3128
    iptables -t nat -A POSTROUTING -o eth0 -s local-network -d proxy-server-IP -j SNAT --to proxy-server-IP
    iptables -A FORWARD -s local-network -d proxy-server-IP -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

Jazak Allah,
Sohail

**fandar** · 01-10-2013

Originally Posted by msohail

Let me see if I understood you correctly. When you add proxy IP on your browser, the Squid error page shows up. When you remove the settings from browser, the default browser error shows up instead of a squid, although your squid is setup as transparent; correct ?

If so, then flush the IP tables and create new firewall rules to enable transparency.

Code:

    iptables -t nat -A PREROUTING -i eth0 -s ! proxy-server-IP -p tcp --dport 80 -j DNAT --to proxy-server-IP:3128
    iptables -t nat -A POSTROUTING -o eth0 -s local-network -d proxy-server-IP -j SNAT --to proxy-server-IP
    iptables -A FORWARD -s local-network -d proxy-server-IP -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

Jazak Allah,
Sohail

Thank You it seems to be working the same way now however I have another problem. It shows still the default browser message like

"Server not found. Check if the address for typing errors such as ww(dot)example(dot)com of www(dot)example(dot)com" in FireFox.

when there is no Internet connection and it cannot resolve the domain. I need to display custom offline page to the clients then there isnt internet connection available. Is that possible?

Thank You

**msohail** · 01-10-2013

Originally Posted by fandar

Thank You it seems to be working the same way now however I have another problem. It shows still the default browser message like

"Server not found. Check if the address for typing errors such as ww(dot)example(dot)com of www(dot)example(dot)com" in FireFox.

when there is no Internet connection and it cannot resolve the domain. I need to display custom offline page to the clients then there isnt internet connection available. Is that possible?

Thank You

Guess not.

Thread Tools

Display

transparent squid 2.7 and custom error pages

Posting Permissions