Re: deny_info TCP_RESET all ?

vincent.blondel@xxxxxx wrote:
just one little question. I am trying to get 'deny_info TCP_RESET all' working but cannot. I get a sunos 5.8 running a squid 2.6.12 and I would like not sending any error page to all clients.

Maybe I did not really understand the real meaning of this statement but I understand that a reset plus the right error code are sent to any clients including localhost and/or world to any error including 400 503 ..

I already tried to put this line everywhere in my config file but when I simply try to telnet the squid server with any statement, let's blablabla, I always get a text/html 503 error page.

Can somebody help me troubleshoot this problem .. thks in advance .

What that config statement means is:

When user is blocked by the 'all' ACL, reset their TCP connection immediately.

okay .. I see what you mean ...

To use: add 'all' at the end of each *_access line you want clients to receive no error page from.

now ... let us take an example ... let's imagine somebody connects to this squid and types something completely wrong ...

$ telnet localhost 80
..
Escape character is '^]'.
hsjhdqksdkqshdkjqshkd
..

this is the config ..

acl PROTO proto HTTP
acl METHOD method GET
..
http_access deny !PROTO
deny_info TCP_RESET PROTO
..
http_access deny !METHOD
deny_info TCP_RESET METHOD

below are the lines I received in the cache.log file ( with debug activated so I get the internal parsing ). You see squid really complains due to an invalid method, so it considers this as a bad request ..

2008/08/25 16:26:18| parseHttpRequest: Unsupported method 'hsjhdqksdkqshdkjqshkd
2008/08/25 16:26:18| clientReadRequest: FD 13 (x.x.x.x:50535) Invalid Request

but as you can see I still get a text/html response ..

$ telnet localhost 80
..
Escape character is '^]'.
hsjhdqksdkqshdkjqshkd
HTTP/1.0 400 Bad Request
Server: squid/2.6.STABLE16
Date: Mon, 25 Aug 2008 14:26:18 GMT
Content-Type: text/html
Content-Length: 1200
Expires: Mon, 25 Aug 2008 14:26:18 GMT
..

So I tested some other things with success and I see your explanation is completely right ... but what did I do wrong in this case ??

thks for your help.

Amos

(NP: to general readers, only half of the text above attributed to me is by me, the rest is by VB.)

In my experience Squid has some weirdness where the deny_info needs to be created before any http_access lines that are expected to use it.
Moving it up a line or two might show different results.

Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE8
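
A scripted version of the telnet check used in this thread, as an added example that is not part of the original messages: it sends the same garbage line and reports whether the peer answered with a TCP reset or an HTML error page. The names classify_denial and stand_in_listener, and the canned 400 reply, are constructed for illustration so the script runs without a Squid instance.

```python
import socket
import struct
import threading

GARBAGE = b"hsjhdqksdkqshdkjqshkd\r\n\r\n"  # the invalid request typed in the thread

def classify_denial(host, port, payload=GARBAGE, timeout=3.0):
    """Return 'reset', 'error-page:<status>', 'closed' or 'timeout'."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            while b"\r\n" not in data:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except (ConnectionResetError, BrokenPipeError):
        return "reset"          # RST seen: no error page was delivered
    except socket.timeout:
        return "timeout"
    status = data.split(b"\r\n", 1)[0].split()
    if len(status) >= 2 and status[0].startswith(b"HTTP/"):
        return "error-page:" + status[1].decode("ascii", "replace")
    return "closed"             # orderly close without an HTTP reply

def stand_in_listener(reset):
    """Constructed one-shot listener imitating either behaviour; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        if reset:
            # SO_LINGER with a zero timeout makes close() send RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(b"HTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html></html>")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(classify_denial("127.0.0.1", stand_in_listener(reset=True)))
    print(classify_denial("127.0.0.1", stand_in_listener(reset=False)))
```

Against a real proxy, call classify_denial with its address and listening port after each squid.conf change to see which behaviour a given request triggers.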
