
Re: deny_info TCP_RESET all for hiding squid


 



On 6/08/2013 12:57 a.m., Alfredo Rezinovsky wrote:
I need a squid in tproxy mode to work in stealth mode

Please outline the requirements of your stealth mode and we might be able to offer suggestions.


Hint: You *will* come down to the choice of whether to advertise the proxy's existence in HTTP protocol things or break clients' connectivity.

Hint #2: no matter what choice you select from the above the proxy becomes visible. Even by its action of breaking the connectivity it reveals itself. ... There is *no* "stealth mode".


I tried
deny_info TCP_RESET all


Well. That tells me you will choose to break clients' connectivity.

deny_info outlines the response action Squid is to deliver to the client if an *access control* has explicitly resulted in "deny all".

It has no effect on:
* default access permission policies (i.e. denial due to an access control setting being completely absent from squid.conf)
* HTTP protocol parsing or processing error responses (including timeouts). These are *mandatory* in most cases.
* HTTP protocol auto-negotiation features. Such as rejecting unsupported Expect: functionality. These are *mandatory* in some circumstances.

but when squid times out or the destination server rejects the connection squid returns an error.
I want squid to just reset the connection with no messages.

Note that some of the responses I qualified with "most cases" and "some circumstances". At present Squid has a blanket sending out of those responses in all such occurrences. This can be improved upon, but simply does not exist yet in Squid.

Amos
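
Added example, not part of the original message or of Squid itself: a small audit of a squid.conf fragment showing which explicit `http_access deny` rules a `deny_info` line actually covers. It relies on Squid looking up `deny_info` by the last ACL named on the deny line that matched; the sample config, ACL names and function names are constructed for illustration. Timeouts, connection failures and parse errors never pass through this lookup, which is the limitation described in the reply above.

```python
# Constructed sample squid.conf fragment (ACL names and domain are placeholders).
SAMPLE_CONF = """\
acl localnet src 192.0.2.0/24
acl blocked_sites dstdomain .blocked.example
acl bad_ports port 25
http_access deny bad_ports
http_access deny localnet blocked_sites
http_access allow localnet
http_access deny all
deny_info TCP_RESET all
deny_info TCP_RESET blocked_sites
"""

def directives(conf_text):
    """Yield the token list of every non-empty, non-comment line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def audit_deny_info(conf_text):
    """Return [(deny rule ACLs, last ACL, deny_info action or None), ...]."""
    deny_info = {}    # ACL name -> error page name or TCP_RESET
    deny_rules = []   # ACL lists of each explicit "http_access deny" line
    for tokens in directives(conf_text):
        if tokens[0] == "deny_info" and len(tokens) >= 3:
            for acl in tokens[2:]:
                deny_info[acl] = tokens[1]
        elif tokens[:2] == ["http_access", "deny"] and len(tokens) >= 3:
            deny_rules.append(tokens[2:])
    report = []
    for acls in deny_rules:
        # Lookup key is the last ACL on the line; a "!" negation prefix is
        # dropped for the lookup (simplification made by this example).
        last = acls[-1].lstrip("!")
        report.append((" ".join(acls), last, deny_info.get(last)))
    return report

if __name__ == "__main__":
    for rule, last, action in audit_deny_info(SAMPLE_CONF):
        shown = action or "Squid's default denial page"
        print(f"http_access deny {rule:<24} -> {shown}")
```

In the sample, the `bad_ports` rule has no matching `deny_info`, so a request denied by it still receives Squid's normal access-denied response even though `deny_info TCP_RESET all` is present.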



