On Tue, Sep 18, 2007, Ian wrote: > Hi, > > I have read the mailing lists and am aware (from old mailing list > emails) that if squid receives the request it has to pass on an error > page in certain circumstances. Its not quite true - there's a "send TCP RST on certain errors" option somewhere. > I was wondering though if it would all be possible to not pass on an > error page (maybe in a future version) if an error is found. If a > connection failure then dont do anything and just let the browser time > out etc? It seems more logical in ISP transparent cache environments > where error pages cause more problems than they solve due to > webservers being down, incorrect urls etc. The only way to (portably) timeout a connection is to leave the socket open until the browser decides its been too long. I'm not quite sure this'll work the way you intend and its a definite DoS possibility to your cache. > In the meantime does anyone have a workaround or some other way I > could do this (other than using online forms to capture data, or > removing all contact details from the error page) I've thought about it. I jotted down some brainstorming ideas when thinking about how to handle asymmetric TCP flows during transparent interception - http://www.creative.net.au/node/72 - it'd possibly also "solve" your issues. I don't think its possible with current kernels btw, you'd have to modify them to do the splicing. Adrian
