Re: [squid-users] How to add a banner to all (unauthenticated) pages?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 10 Jun 2008 15:00:56 +1200 (NZST)

> Hi all,
>
> I need to add a banner to unauthenticated groups informing them that they
> are using a restricted public network, while still allowing them to access
> the web, albeit at a slower speed via delay pools. So far, I have managed
> to add the banner to the pages using the redirector, a perl script and a
> php page that creates a frameset with the banner in the top frame, and the
> desired content in the main frame. Problem is that the request for the
> content in the main frame either gives an access denied error, or returns
> a blank document, or creates a whole page of repeating banners.
>
> Any thoughts?

1) your redirector is broken. It's testing for restricted.html instead of
restricted.php as its local-unique token.

2) your access permissions need to permit the host 'src' which runs your
PHP script access without redirection.
  'url_rewrite_access'

Amos

> [squid.conf]
> ## redirector
> acl group_restricted src 192.168.0.109 # ← redirecting only my
> workstation for testing purposes
> redirector_access allow group_restricted
> redirect_children 20
> redirect_rewrites_host_header off
> redirect_program /etc/squid/restricted-redirect.pl

redirect_* are obsolete. Use url_rewrite_* instead.

>
> [restricted-redirect.pl]
> BEGIN { $|=1 }
> if (m|restricted.html|) {
> } else {
> s|http://|http://192.168.0.100/restricted.php?url=http://|;
> }
>
> [restricted.php]
> <html>
> <head>
> <meta http-equiv="content-type" content="text/html;
> charset=UTF-8">
> <title>Restricted connection</title>
> <script>function checkTopFrame() {if (frames && frames[0]
> && frames[0].document) {try {frames[0].document.domain;}
> catch(e) {location = "/er
> </head>
> <frameset rows="100,*">
> <frame src="http://192.168.0.100/restricted.html"
> scrolling=no marginwidth=0 marginheight=0 onload="var d =
> frames[0].document;var l = d.lin
> <frame src="<?php echo $_GET["url"]?>">
> <noframes>Your browser does not support frames.
> </noframes>
> </frameset>
> </html>
>
> [squid-access.log]
> 1213031870.823 4 192.168.0.109 TCP_MISS/200 1293 GET
> http://www.microsoft.com/isapi/redir.dll? - DIRECT/192.168.0.100 text/html
> 1213031870.885 12 192.168.0.109 TCP_REFRESH_HIT/304 298 GET
> http://192.168.0.100/restricted.html - DIRECT/192.168.0.100 -
> 1213031870.888 3 192.168.0.109 TCP_MISS/200 1293 GET
> http://www.microsoft.com/isapi/redir.dll? - DIRECT/192.168.0.100 text/html
> 1213031882.863 1 192.168.0.109 TCP_MISS/200 1268 GET
> http://www.google.com/ - DIRECT/192.168.0.100 text/html
>
> [apache-access.log]
> 192.168.0.100 - - [09/Jun/2008:19:17:50 +0200] "GET
> /restricted.php?url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
> HTTP/1.0" 200 961
> 192.168.0.100 - - [09/Jun/2008:19:17:50 +0200] "GET /restricted.html
> HTTP/1.0" 304 -
> "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Mo
> 192.168.0.100 - - [09/Jun/2008:19:17:50 +0200] "GET
> /restricted.php?url=http://www.microsoft.com/isapi/redir.dll?prd=ie
> HTTP/1.0" 200 961 "http://www.micros
> 192.168.0.100 - - [09/Jun/2008:19:18:02 +0200] "GET
> /restricted.php?url=http://www.google.com/ HTTP/1.0" 200 936 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Win
>
>
>
>
Received on Tue Jun 10 2008 - 03:00:59 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 10 2008 - 12:00:03 MDT