Custom Squid Error Page (sgerror.php)



  • I am struggling with trying to create a working/custom squid error page. For the moment I am using Transparent Proxy. Under Common ACL and Redirect Mode I see the following message: "Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible."  Does this mean I am unable to use anything Int?  In the dozens of tutorials I have seen this option is working for those using transparent proxy so I am confused.  Furthermore, I have edited the sgerror.php file to the following:

    /*
     https://forum.pfsense.org/index.php?topic=26057.0
    
      This file replaces the function get_error_page (.....
      save this file in your home dir, end rename to personalSgerror.php
    
      In the file /usr/local/www/sgerror.php
      i put the directive below
      include "/home/<your home="">/personalSgerror.php";
      and rename the original function
      get_error_page (.....
      Xget_error_page function (.....
    /*
    function get_error_page($er_code_id, $err_msg='') {
    	global $err_code;
    	global $cl;
    	global $g;
    	global $config;
    	$str = Array();
    
    	header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
    	header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
    	header( 'Cache-Control: no-store, no-cache, must-revalidate' );
    	header( 'Cache-Control: post-check=0, pre-check=0', false );
    	header( 'Pragma: no-cache' );
    	header("HTTP/1.1 " . $err_code[$er_code_id]);
    	$str[] = '';
    	$str[] = '';
    	$str[] = '<title>'.$err_code[$er_code_id].'</title>';
    	$str[] = '';
    	$str[] = '';
    
    	$str[] = '';
    	$str[] = 'ACCESS DENIED';
    	$str[] = '';
    
    	$str[] = '';
    	$str[] = ''.date('D, d M Y H:i:s').'';
    	if ($cl['s']) $str[] = "Group: {$cl['s']} | ";
    	if ($cl['t']) $str[] = "Category: {$cl['t']}";
    	$str[] = '';
    	$str[] = '';
    	$str[] = '';
    	$str[] = 'NETWORK '.$config['system']['domain'].'';
    	$str[] = 'ACCESSO NEGATO!';
    	$str[] = ''. $err_code[$er_code_id].'';
    	$str[] = '';
    	$str[] = '';
    
    	if($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']) {
    		$str[] = '
    
    '.$config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage'].'
    
    ';
    	}else{
    		$str[] = '
    
    Access to the request page or domain
    has been denied by '.$g['product_name'].'
    
    ';
    	}
    
    	$str[] = '<hr  size="1" width="70%" noshade="">';
    	if ($cl['u']) $str[] = 'URL: '.$cl['u'].'';
    	if ($cl['s']) $str[] = '
    Gruppo: **'.$cl['s'].'** - ';
    	if ($cl['t']) $str[] = 'Categoria: **'.$cl['t'].'**';
    	$str[] = '<hr  size="1" width="70%" noshade="">';
    	if ($cl['n']) $str[] = 'Client Name: '.$cl['n'].'
    ';
    	if ($cl['a']) $str[] = 'Client IP: '.$cl['a'].'
    ';
    	if ($cl['i']) $str[] = 'Client User: '.$cl['i'].'
    ';
    	$str[] = '<hr  size="1" width="70%" noshade="">';
    
    	if(strlen($err_msg)>1 ){
    		 $str[] = ''.$err_msg.'';
    	}else{
    		$str[] = 'Contact the Network Administrator if you think there has been an error';
    	}
    
    	$str[] = '</hr ></hr ></hr >';
    	$str[] = '';
    	$str[] = 'Pagine web controllate e filtrate da  [**SquidGuard**](http://www.squidguard.org "http://www.squidguard.org") su firewall  [**'.$g['product_name'].'**](http://'.$g['product_website'].' "http://'.$g['product_website'].'")';
    	$str[] = '';
    	$str[] = '';
    	$str[] = "";
    
    	return implode("\n", $str);
    }
    ?></your> 
    

    When I select int error page and browse to a blocked website I get:

    The following error was encountered while trying to retrieve the URL: http://192.168.1.1/sgerror.php?

    Connection to 192.168.1.1 failed.

    Where can I specify the address it is pointing to?  192.168.1.0/24 is on the LAN but I have disabled that interface as I am running vlans on 10.0.0.0/24 (guest net), 10.5.5.0/24 (mgmt net) and 192.168.2.0/24 (home net)



  • Stop using Transparent proxy in the first place.  It's nothing but a hassle with HTTPS.  Implement it properly in explicit mode w/ WPAD and you won't have this problem