Squid custom error page

Squid Web Cache documentation
  • Goal: To alter the error pages layouts and content generated by
    Squid.
  • Status: complete.
  • Version: 2.1
  • Developer: Unknown.

Details

Squid lets you customize your error messages. The source distribution
includes error messages in different languages.

From Squid 3.1:

  • CSS hooks are available for display redesign and coloring.
  • Language translations are done by default automatically when
    language pages are installed. See Translations Project
    for more details on those.

For older Squid you can select the language with the configure option
--enable-err-language=lang.

If needed, you can make a copy and re-write the error message template
files in any version.

deny_info URL codes for embedding

Squid-2.1 to Squid-3.1
only provide this macro code:

  • %s
    Absolute URL requested by client

Squid-3.2 adds URL templating codes:

  • %a
    User identity
  • %d
    seconds elapsed since request received (not yet implemented)
  • %e
    errno
  • %E
    strerror()
  • %h
    Squid public hostname
  • %H
    server host name
  • %i
    client IP address
  • %I
    server IP address (NP: upper case i)
  • %M
    Request Method
  • %o
    Message returned by external ACL helper
  • %p
    URL port number
  • %P
    Protocol
  • %R
    URL path requested.
  • %S
    Squid version signature.
  • %s
    Absolute URL requested by client
  • %t
    local time
  • %T
    UTC
  • %U
    Absolute URL without password. Uses * instead of path for CONNECT
    requests.
  • %u
    Absolute URL with password. May be missing path on CONNECT requests.
  • %w
    cachemgr email address

ERR_* template codes for embedding

This list describes the macro codes which Squid will replace in the
error response messages, and what details will be inserted:

  • %a
    User identity
  • %B
    URL with FTP %2f hack
  • %c
    Squid error code
  • %d
    seconds elapsed since request received (not yet implemented)
  • %D
    Squid-generated error details. May contain other error page
    formatting codes. Currently only TLS/SSL connection failures are
    detailed. For example, %D in a customized
    ERR_SECURE_CONNECT_FAIL response may be expanded into “The host
    name you are connecting to (foo.com) does not match any of the
    certificate names (foo.org, foo.net)…”). Supported since
    Squid-3.2.
    See also: application-level error code (%x) and system level error
    code/detail (%e/%E).
  • %e
    errno
  • %E
    strerror()
  • %f
    FTP request line
  • %F
    FTP reply line
  • %g
    FTP server message
  • %h
    cache hostname
  • %H
    server host name
  • %i
    client IP address
  • %I
    server IP address
  • %l
    Local site CSS stylesheet
  • %L
    contents of err_html_text config option
  • %M
    Request Method
  • %m
    Error message returned by external auth helper
  • %o
    Message returned by external acl helper
  • %p
    URL port number
  • %P
    Protocol
  • %R
    Full HTTP Request
  • %S
    squid default signature
  • %s
    caching proxy software with version
  • %t
    local time
  • %T
    UTC time
  • %U
    URL without password
  • %u
    URL with password
  • %W
    Extended error page data URL-encoded for mailto links.
  • %w
    cachemgr email address
  • %x
    Application-level error name or identifier (e.g.,
    X509_V_ERR_UNABLE_TO_GET_CRL). Currently only supported for
    SSL certificate validation errors. See also: system-level error
    code/detail (%e/%E) and application-level error detail (%D).
  • %z
    DNS server error message
  • %Z
    Message generated during the process which failed. May be
    ASCII-formatted. Use within HTML PRE tags.
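
A lint pass built from the two code lists above, as an added example that is not part of the Squid documentation: it flags deny_info redirect URLs and ERR_* templates that use a code outside the list for that context, or a code that copies credentials or the raw request into the response. The file paths, the sample configuration and the choice of %u and %R as sensitive are assumptions of this example.

```shell
#!/bin/sh
# Lint deny_info redirect URLs and ERR_* templates against the macro codes
# listed above. Paths, sample data and the "sensitive" policy are assumptions.

DENY_INFO_CODES='adeEhHiIMopPRSstTUuw'             # deny_info URL list (Squid-3.2+)
TEMPLATE_CODES='aBcdDeEfFghHiIlLMmopPRSstTUuWwxzZ' # ERR_* template list

# codes_in TEXT -> distinct macro letters found in TEXT, one per line.
# Limitation: a URL-encoded byte that starts with a hex letter (%C3) also matches.
codes_in() {
    printf '%s\n' "$1" | grep -o '%[A-Za-z]' | cut -c2 | LC_ALL=C sort -u
}

# check_codes LABEL TEXT ALLOWED SENSITIVE -> one finding per line on stdout.
check_codes() {
    for c in $(codes_in "$2"); do
        case $3 in
            *"$c"*) ;;
            *) printf '%s: %%%s is not a listed code for this context\n' "$1" "$c" ;;
        esac
        case $4 in
            *"$c"*) printf '%s: %%%s copies sensitive request data into the response\n' "$1" "$c" ;;
        esac
    done
}

# audit_squid_conf FILE -> findings for deny_info lines whose target is a URL
# (plain "http://..." or status-prefixed "307:http://...").
# In a redirect URL, %u hands the password-bearing URL to the redirect target.
audit_squid_conf() {
    conf=$1
    grep -n '^[[:space:]]*deny_info[[:space:]]' "$conf" |
    while IFS= read -r line; do
        lineno=${line%%:*}
        set -f                  # split the directive into words without globbing
        set -- ${line#*:}       # $1=deny_info  $2=page name or URL  $3=acl
        set +f
        case $2 in
            *://*) check_codes "$conf:$lineno" "$2" "$DENY_INFO_CODES" 'u' ;;
        esac
    done
}

# audit_templates DIR -> findings for every ERR_* file in DIR.
# Policy of this example: %u (URL with password) and %R (full HTTP request).
audit_templates() {
    for f in "$1"/ERR_*; do
        [ -f "$f" ] || continue
        check_codes "$f" "$(cat "$f")" "$TEMPLATE_CODES" 'uR'
    done
}

# Demo on constructed input (not taken from a real installation).
demo=$(mktemp -d)
cat > "$demo/squid.conf" <<'EOF'
acl blocked dstdomain .example.com
deny_info 307:http://portal.example.net/blocked?url=%u&why=%D&ip=%i blocked
EOF
printf '<p>%%U was denied for %%a. Request:</p><pre>%%R</pre>\n' > "$demo/ERR_BLOCKED"
audit_squid_conf "$demo/squid.conf"
audit_templates "$demo"
rm -rf "$demo"
```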

Custom error pages not displayed for HTTPS

HTTPS uses HTTP CONNECT messages to relay through a proxy. Because of
how browsers handle the responses to these CONNECT messages (described in
https://bugzilla.mozilla.org/show_bug.cgi?id=479880), any custom
error page produced by the proxy is ignored and a generic browser page
is displayed instead.

Usually this browser page mentions connection failure or other such
irrelevant details.

In fact, any response other than 200 OK is completely dropped by the
browser and the same browser template page is displayed. This can also
lead to some very weird authentication problems when using HTTPS through
an authenticated proxy, for authentication schemes where the 407
message body has relevance.

Contents are © their respective authors,
licensed under the Creative Commons Attribution Sharealike 2.5 License
Last generated on 2023-01-08 10:51:24 +0000

Ubuntu Documentation

Squid is ugly

Squid error pages are ugly; here’s how you can change them.

Configuration

This assumes you already have a squid proxy installation which is up and running.

Squid serves static pages on errors, denials and other problematic situations. All those pages can be found in /usr/share/squid/errors/. The pages are stored in folders named after languages; each folder holds the Squid pages translated into that language.

We can change the language in which Squid serves pages by editing the /etc/squid/squid.conf configuration file. Find the error_directory directive and change its value to the path where your language files are stored.

Ok, but this doesn’t make Squid error pages prettier! To get this issue fixed you can edit every page inside the error pages directory to suit your needs, or, you can use sed!

Custom pages

Make a copy of your language folder first.

Because the pages inside that folder are written in HTML, we can use CSS to prettify them. Here’s a simple sed usage to quickly search and replace the default Squid error pages' CSS tag with some custom CSS:

Now edit your Squid config file again and point error_directory to the new location of your error pages. Reload squid:

Point a browser which uses your Squid proxy to some impossible domain name. The resulting error pages are amazingly beautiful!

You can go further and customize your pages in any way you want. Good luck!
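
One way to carry out the copy-and-replace step described above, as an added example (not the wiki's original command): it copies the language directory and swaps the inline style element of each ERR_* template for your own CSS, whether the element sits on one line or spans several. The function name, the paths and the sample template are assumptions.

```shell
#!/bin/sh
# restyle_error_pages SRC DEST CSS
#   SRC   language directory shipped with Squid (left untouched)
#   DEST  new directory that error_directory will point at (must not exist)
#   CSS   file holding the replacement CSS rules
# Prints the number of templates rewritten.
restyle_error_pages() {
    src=$1 dest=$2 css=$3
    [ -d "$src" ] && [ -f "$css" ] || return 2
    [ -e "$dest" ] && return 3          # never overwrite an existing copy
    cp -R "$src" "$dest" || return 1

    # The complete element that replaces the old one.
    block=$(mktemp) || return 1
    { echo '<style type="text/css">'; cat "$css"; echo '</style>'; } > "$block"

    count=0
    for f in "$dest"/ERR_*; do
        [ -f "$f" ] || continue
        grep -qi '<style' "$f" || continue
        # Pass 1 puts the opening and closing tags on lines of their own, so
        # the range in pass 2 also works when the element sits on one line.
        # Pass 2 deletes the old element and reads the new block in its place.
        sed -e 's|<[Ss][Tt][Yy][Ll][Ee][ >]|\
&|' -e 's|</[Ss][Tt][Yy][Ll][Ee]>|\
&\
|' "$f" |
        sed -e '/<[Ss][Tt][Yy][Ll][Ee][ >]/,/<\/[Ss][Tt][Yy][Ll][Ee]>/{' \
            -e '/<\/[Ss][Tt][Yy][Ll][Ee]>/r '"$block" \
            -e 'd' \
            -e '}' > "$f.new" && mv "$f.new" "$f"
        count=$((count + 1))
    done
    rm -f "$block"
    echo "$count"
}

# Demo on a constructed template (not a file from a real Squid package).
demo=$(mktemp -d)
mkdir "$demo/English"
cat > "$demo/English/ERR_ACCESS_DENIED" <<'EOF'
<html><head><title>ERROR</title>
<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}--></STYLE>
</head><body><h1>ERROR</h1><p>%U</p></body></html>
EOF
printf 'body { background: #202020; color: #e0e0e0; }\n' > "$demo/site.css"
restyle_error_pages "$demo/English" "$demo/English-custom" "$demo/site.css"
cat "$demo/English-custom/ERR_ACCESS_DENIED"
rm -rf "$demo"
```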

Squid/Customize (last edited by sushkov 2009-02-28 10:09:40)

The material on this wiki is available under a free license, see Copyright / License for details

How to change the default error document pages in Squid?

Squid is one of the best caching web proxy servers out there. Although it provides a number of amazing features, the default error page served by Squid is very basic and does not look good. So if you are a system administrator you may like to customize or change the default error document according to your own needs. In this article we will tell you how to do so.

All the error documents for a “default” Squid installation are located inside the directory: /usr/share/squid/errors/English/. So in case you want to modify any of the basic default error documents (error pages) like the access denied error page then you should edit the ERR_ACCESS_DENIED file in the above directory.

You can also choose to show different types of error pages (error documents) to different groups of users. This is possible only if you are denying access to a particular user group (ACCESS_DENIED). This feature is not available for other error messages. This can be done by adding the following directive to your Squid configuration file, which is generally located at /etc/squid/squid.conf:

deny_info ERR_PAGE_NAME acl

Your custom error document page should have the prefix ERR_ before its name and must be stored in the /usr/share/squid/errors/English/ directory, else this feature won’t work. You may also like to read about how to configure acl in squid.


Thank you for your detailed response. I only plan to have one page for the block message at this time. It seems like quite a bit to go through for something that seems so simple. Maybe a good feature to add to pfSense at some point is a custom error page generator. (Not really sure how much that entails…may be unrealistic.) Anyway, when I can get back to this issue I will see if I can make something work out of the information you have given me.

I will be in touch.

I am unsure what portions I need to change to make this work. Can you give me an example of how to configure the code so that I can have the error page sit on my pfSense box and be displayed to the user from there? Format is not important, php, html, whatever…I would just like it to function.

Many thanks for all the help!

all u need for a custom block page on PfSense i posted before.
Ur redirect mode should be "int error page (enter error message)" to get custom error page to work.

sry but i need more information about ur pfsense installation.

1. squid and squidguard and lightsquid, for reports, installed and working?
2. squidguard blacklist updated and working with standard int errorpage?

My issue is that I am using Squid as a transparent proxy and therefore cannot use any of the "int" redirect methods

why not? the transparent proxy tries to get the "client URL" and is redirected to squidguard. filtering should work.

can u see some proxy activity in proxy report? (lightsquid)

Pfsense running at 11 Locations
-mobile OPENVPN and IPSEC
-multiwan failover
-filtering proxy(squidguard) in bridgemode with ntop monitoring

Thanks again for your help with this. Although your suggestion to use the "int error page (enter error message)" option got me farther than I had been, I now have two issues:

1 - The custom page stops working once I reactivate https on a non-standard port.

2 - The error page is generic and is formatted nothing like what your example image looked like (see my attached sgerror.jgp).

My internal redirect text resembles the following:
https://firewall-ip:port#/sgerror.php?url=https://firewall-ip:port#/firewallblock.php&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
Am I correct on the formatting of this or do I need to change something?

As I said before, when the GUI is set to HTTP on port 80 (and the above link is changed to use HTTP) the page displays as shown in the 1st attachment. When I change the GUI back to HTTPS on a non-standard port, the page goes back to the "https_sgerror.jpg" attachment.

I had read several posts on the issue of internal redirects not working on HTTPS which is why I included that in one of my previous posts. I apologize I should have explained myself better on that…

Also, I have Squid, SquidGuard, and LightSquid functioning.

So, I am still left with a couple of issues as you can see. Any advice on where to go from here?


Configuring the Squid 3.3 proxy server on Ubuntu Server 14.04 LTS. Part 7. Customizing error pages

Once we start using the Squid3 proxy server in production, one of the first things we may want to do is customize the web pages that the proxy returns for the various errors that occur when accessing requested web resources. Overall, the design of the error pages in the default Squid3 configuration is, in my opinion, much nicer than in Squid2, so by and large there is no need for any heavy customization. The simplest thing we can do here to bring this design closer to the corporate one is to replace the Squid logo used on all such pages with the company emblem. Let's look at this simple procedure.

First, create a new logo in PNG format. If necessary, clear the image background using the Photo editor online service, as described, for example, in the note "How to make an image background transparent".

Transfer the resulting logo file, for example SBS-Logo.png, from the Windows computer to the Linux server (KOM-AD01-GW10 in our example). This can be done, for example, over SSH (we already started the OpenSSH server service on KOM-AD01-GW10 earlier) using the WinSCP or PSCP utility. First copy the file to the user's home directory /home/user/ (or ~ for short):

C:\Tools\PuTTy\pscp -scp C:\Temp\My-Logo.png user@KOM-AD01-GW10:~/My-Logo.png

This logo file must be made available over HTTP to all users on the local network without additional authentication. To do this we can, for example, move the logo file from the home directory /home/user/ to the /var/www/html/ directory (the root directory of the Apache2 web server, which became available to us after we installed it in the previous part):

sudo mv ~/My-Logo.png  /var/www/html/My-Logo.png

After that, edit the link to the logo file in the cascading style sheet file /etc/squid3/errorpage.css: in the titles section, change the value of the background parameter:

/* Page displayed title area */
#titles {
        margin-left: 15px;
        padding: 10px;
        padding-left: 100px;
        /* background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left; */
        background: url('http://KOM-AD01-GW10.holding.com/My-Logo.png') no-repeat left;
}

Reload Squid:

sudo service squid3 reload

Check the result, for example by entering a deliberately invalid URL.

In addition, the main Squid3 configuration file /etc/squid3/squid.conf has a number of parameters that can change the format of the data shown on error pages. These parameters can be found in the ERROR PAGE OPTIONS section:

error_directory
error_default_language
err_page_stylesheet
email_err_data
deny_info

Each parameter has comments explaining the values it accepts. In the screenshot shown, the error page takes its form according to the parameters set in the squid.conf configuration file that we looked at in one of the previous notes.


Squid-Proxy-Server

Setting up a Squid proxy server with a "Custom error page for ERROR 403" and authorizing users from the terminal as well as the Firefox GUI.

(To stay root permanently, type "sudo su".)

  1. apt-get update && apt-get install squid apache2-utils -y

    1A> In firefox go to options -> Advanced -> Network -> configure how firefox connects

    1B> Then in HTTP Proxy :

    1C> in PORT : 3128

  2. vim /etc/squid/squid.conf

    2A> search for keyword "http_access deny all"

    2B> change it to "http_access allow all"

    OPTIONAL STEPS FOR CHECKING LOG FILE TRAFFIC
    #go to google and search something
    #type the command "tail -f /var/log/squid/access.log"

  3. vim /etc/squid/squid.conf

#now I am making a variable "blocked_url" which will hold the "/etc/squid/blocked_sites.acl" path.
#go to the very first line and type (to make the lines easy to locate I am typing at the first line only; you could go to the desired TAG: and type it there, but make sure all uncommented commands are just below the TAG to avoid any confusion)

3a. acl blocked_url dstdomain "/etc/squid/blocked_sites.acl"
#the very next line type as below

3b. http_access deny blocked_url
#save and quit to come out of vim

  4. service squid restart

#now set up a passwd file for the squid user and create a user

  5. touch /etc/squid/passwd

  6. htpasswd /etc/squid/passwd user1
    # type the password twice when it asks for it

  7. vim /etc/squid/squid.conf

#in the 4th, 5th and 6th lines (just make sure these lines come after the lines typed above in this config file)

7a> auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd

#————————————custom network—————-

7b> acl MyNetwork src 172.16.50.1-172.16.50.250 #this is the range of ip address

7c> acl squid_users proxy_auth REQUIRED

7d> http_access allow squid_users

7e> http_access allow MyNetwork

#————————————custom network————— #modified

  8. service squid restart

#in order to block selected websites open the file below

  9. vim /etc/squid/blocked_sites.acl

    #type here
    9a> .msn.com

    9b> .sstsinc.com

    9c> .abc.com

    #these are some example websites domain (no hard feelings for any 😛)

  10. service squid restart

#NOTE just go to firefox and you will see an authentication window , type the username and password there
#then type .msn.com and you will find it blocked , and other websites also while google.com and other websites will be running
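
A check for the rule order these steps produce, as an added example that is not part of the original README: Squid evaluates http_access lines top to bottom and stops at the first match, and an ACL must be defined before a rule uses it. The sample configuration is constructed, and the built-in ACL names are assumed for Squid 3.2 and later.

```shell
#!/bin/sh
# audit_http_access FILE -> findings about http_access rule order, one per line.
#   - an ACL name used by http_access before any "acl NAME ..." line defines it
#   - "allow all", which admits every client that no earlier rule denied
#   - rules placed after "allow all" / "deny all", which are never evaluated
audit_http_access() {
    awk '
        BEGIN {
            # ACL names assumed to be built in (Squid 3.2 and later).
            n = split("all manager localhost to_localhost", b, " ")
            for (i = 1; i <= n; i++) known[b[i]] = 1
        }
        { sub(/[ \t]*#.*/, "") }                  # strip comments
        $1 == "acl" && NF >= 3 { known[$2] = 1; next }
        $1 != "http_access"    { next }
        {
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)               # "!Safe_ports" refers to Safe_ports
                if (!(name in known))
                    printf "line %d: ACL %s is not defined above this line\n", NR, name
            }
        }
        term {
            printf "line %d: never evaluated, line %d (%s all) already matches every request\n", NR, term, verdict
            next
        }
        NF == 3 && $3 == "all" {
            term = NR; verdict = $2
            if ($2 == "allow")
                printf "line %d: allow all admits every client not denied earlier\n", NR
        }
    ' "$1"
}

# Demo: a constructed squid.conf that follows the order of the steps above.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
acl blocked_url dstdomain "/etc/squid/blocked_sites.acl"
http_access deny blocked_url
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl MyNetwork src 172.16.50.1-172.16.50.250
acl squid_users proxy_auth REQUIRED
http_access allow squid_users
http_access allow MyNetwork
http_access allow all
EOF
audit_http_access "$demo_conf"
rm -f "$demo_conf"
```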


SETTING UP CUSTOM ERROR PAGE FOR 403 FORBIDDEN "ACCESS DENIED" BY WEBMASTER ERROR PAGE


  1. vim /etc/squid/squid.conf

#search for "acl MyNetwork src 192.168.0.0/16"
#below that line type the following

AS you can see i am creating custom error page only for google.com

  1. acl abcd dstdomain .google.com
    #note here abcd is again a variable
    #below that line type …

  2. deny_info ERR_google abcd

  3. http_access deny abcd
    #save and quit

#generally error html page are in /usr/share/squid/errors/templates

4A> cd /usr/share/squid/errors/templates

  1. ls (to check all html specific error files)

  2. vim ERR_google

#since we want to show info from our own custom error page file write html code inside it .

              <html>
              <head>
              <title>ERROR ACCESS DENIED BY Pcloudy</title>
              <style>
              body {background-color: powderblue;}
              h2   {color: grey;}
              h4   {color: red;}
              </style>
              </head>

              <body style="font-family:verdana; margin:0 auto;">

              <img src="https://media.licdn.com/dms/image/C510BAQGeEl73gX0Ozw/company-logo_200_200/0?e=2159024400&v=beta&t=AXswUI9W3WQYRZOF1_IKv_0T5BHwXiwm9JrLyUtR94E" alt="pcloudy image">
              <br>
              <br>
              <p>
              <h2> ERROR: 403 </h2>
              <br>
              <h2>You are not allowed to access this website </h2>
              <br>
              <br>
              <h4> For any query please contact webmaster </h4>
              </p>

              </body>
              </html>

#save and quit
#now you have to restart proxy server

  1. service squid restart

#NOTE ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#check it again by going to www.google.com since I have created a custom error for that page only
#you can just add lines manually like "acl abcd dstdomain .anysite.com" in the config file or
#you can create a path as created before "/etc/squid/blocked_sites.acl" and assign a variable "abcd" to it.

IMPORTANT TO NOTE

1> Firefox setting of the client machine has to be changed to manual proxy setting and the ip address will be set to ip address of server machine only .
here proxy :(SERVER IP) will be set with port 3128

***HOW TO STOP PEOPLE ACCESS THE INTERNET FROM TERMINAL AND ALLOW ONLY AFTER GIVING USERNAME AND PASSWORD FOR THAT PROXY SERVER FROM TERMINAL

Go to /etc/apt directory

  1. cd /etc/apt

  2. vim apt.conf
    (apt.conf should be the only name of the file; please do not use any other name)

Now write the following inside the file

NOTE just copy paste below lines , do not write your username and password here , it is just general instruction given to machine to check it.

  1. Acquire::http::proxy "http://username:password@proxyserver:port/";

  2. Acquire::https::proxy "https://username:password@proxyserver:port/";

  3. Acquire::socks::proxy "socks://username:password@proxyserver:port/";

save and Quit it.

Always remember to restart the service, i.e. "service squid restart"

go to client machine or you can check for server machine also

After restarting the service, go to the terminal as the root user ("#" symbol) and type …

5a. curl www.google.com

it will not let you run any command now from terminal

  1. export http_proxy="http://usercreated_by_you:psswordcreated_by_you@serverIPaddress:3128"

here username , password and ip will be put by your side to get the authentication from server .

6a. curl www.google.com

Type any command and it will work since you have the access to proxy server.

                ###  Some Additional command to get through proxy server while doing curl  ###

curl -A "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" -x 10.227.171.99:80 -v --insecure --location --request POST '<here your api you wanted to connect , example amazon aws api' \
--header 'x-api-key: provide amazon api key' \
--header 'Content-Type: application/json' \
-d '{
"username": "",
"password": ""
}'

curl -A "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" -x http://username:password@:80 -v --insecure --location --request POST 'http://:8081/nexus/content/repositories/test.txt'

Thank YOU

Created by Anukool Srivastava

hi,

ok that looks good ur filter seems to work. Please try to get it work with http first. i remember some problems with https. Maybe it doesn't work on https.
My Gui working on no standard http port.

U edit sgerror.php and still get standard block page? hmm post ur sgerror.php.

Plz try to access https://firewall-ip:port#/firewallblock.php from a client. Can u post ur firewall.php?

I will try to configure a test system tomorrow with ur config.  U are using Pfsense 1.2.3 with standard LAN WAN setup right?

Cya

EDIT:

Steps to get custom Page to work with transparent proxy with GUI on a http standard and nonstandard port
1. Install squid, Squidguard, Lightsquid Package
2. upload blacklist
3. configure squidguard default rule for blocking categories.
4. test filtering from a client, if standard block page appears u can go further otherwise u have to check config
5. modify /usr/local/www/sgerror.php

delete:

# IE displayed self-page, if them size > 1024
function get_error_page($er_code_id, $err_msg='') {
       global $err_code;
       global $cl;
       $str = Array();

       header("HTTP/1.1 " . $err_code[$er_code_id]);

       $str[] = '';
       $str[] = '';
       $str[] = 'Request denied by pfSense proxy: ' . $err_code[$er_code_id] . '';
       if ($err_msg) $str[] = " Reason: $err_msg";
       $str[] = '';
       if ($cl['a'])        $str[] = " Client address: {$cl['a']}";
       if ($cl['n'])        $str[] = " Client name: {$cl['n']}";
       if ($cl['i'])        $str[] = " Client user: {$cl['i']}";
       if ($cl['s'])        $str[] = " Client group: {$cl['s']}";
       if ($cl['t'])        $str[] = " Target group: {$cl['t']}";
       if ($cl['u'])        $str[] = " URL: {$cl['u']}";
       $str[] = '';
       $str[] = "";
       $str[] = "";

       return implode("\n", $str);
}

paste: (it's simple html)

# IE displayed self-page, if them size > 1024
function get_error_page($er_code_id, $err_msg='') {
       global $err_code;
       global $cl;
       $str = Array();

       header("HTTP/1.1 " . $err_code[$er_code_id]);
       $str[] = '';
       $str[] = '';
       $str[] = '';
       $str[] = '';
       $str[] = '';
       $str[] = '';
       // $cl holds the a/n/i/s/t/u values passed in the redirect URL, so escape them before output
       if ($cl['n'])        $str[] = "Client Name: " . htmlspecialchars($cl['n']) . " | ";
       if ($cl['a'])        $str[] = "Client IP: " . htmlspecialchars($cl['a']) . " | ";
       if ($cl['i'])        $str[] = "Client User: " . htmlspecialchars($cl['i']) . " | ";
       if ($cl['s'])        $str[] = "Group: " . htmlspecialchars($cl['s']) . " | ";
       if ($cl['t'])        $str[] = "Category: " . htmlspecialchars($cl['t']) . " ";
       $str[] = '';

       $str[] = 'Adresse gesperrt!';
       $str[] = '';
       if ($err_msg) $str[] = '<li>' . $err_msg . ' —';
       if ($cl['u'])        $str[] = "URL: " . htmlspecialchars($cl['u']);
       $str[] = 'Aufgrund von Zugriffsbeschränkungen ist Ihre Anfrage nicht erlaubt.
Bitte kontaktieren Sie die IT-Abteilung, wenn Sie der Meinung sind, daß dies nicht korrekt ist.';
       $str[] = '<img src="http://' . $_SERVER['HTTP_HOST'] . '/banner.png" alt="geblockt">';
       $str[] = 'Web Filtering by <a style="color:#FFFFFF;">PfSense</a> and <a style="color:#FFFFFF;">SquidGuard</a>';
       $str[] = "";
       $str[] = "";

       return implode("\n", $str);
}

keep in mind to change picture path if u want to use images in block page

6. restart proxy and squidguard

Steps to get custom Page to work with transparent proxy with GUI on a https standard and nonstandard port

redirection to the pfsense box itself fails.

1. u need to put errorpage on an external http server e.g. debian with php installed.
2. create php script and use infos u get from squidguard variables

%a=client_address

%n=client_name

%i=client_user

%s=client_group

%t=target_group

%u=client_url

3. change default rule to redirect to ext url

example:
http://extsource:port/block.php&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

hope that helps.

Cya
