On 26/12/2013 8:22 p.m., m.shahverdi wrote:
>>
>>> Not possible because there is none that "recognize request protocol".
>>>
>>> What happens is admin configure squid.conf ports manually, one per
>>> protocol type to be received. Squid only supports HTTP, HTTPS, ICP,
>>> HTCP, and SNMP incoming traffic.
>>>
>>> The non-HTTP traffic support in Squid is for gatewaying traffic, where
>>> Squid makes the outbound connection in FTP/Gopher/HTTP/HTTPS/Wais/ etc
>>> so there is no detection or recognizing going on.
>>
>> Sorry, I don't understand. Could you please explain the squid scenario for
>> a FTP request for example?

Squid takes the traffic from the client and parses it as HTTP. This will
either succeed or fail.

There is no "recognize" logic to prevent the parsing. There is no undo
functionality to rewind a transaction once it has started consuming bytes.

When an FTP client connects to Squid there are three things which might
happen:

Scenario 1:
 FTP client connects to Squid and waits for the FTP server greeting.
 Squid waits for the client HTTP request.
 Up to 15 mins later the hung connection is aborted.

Scenario 2:
 FTP client connects to Squid and sends the FTP message:
 "
 USER anonymous
 "
 Squid parses the HTTP method "USER" and the URL "anonymous". Absence of
 "HTTP/x.x" field means HTTP/0.9 protocol backward compatibility is
 enabled: no mime headers expected, and anything is valid in the body
 section.
 At some point in the message handling (probably URL parsing trying to
 cope with the string "anonymous") Squid detects a major error in the
 message and aborts with an HTTP error message:
   HTTP/1.1 400 Invalid Request
   ...
 The FTP client then aborts because that is invalid FTP syntax. The FTP
 client software may (or may not) throw up an error about "status 0".

Scenario 3:
 FTP client connects to Squid and sends the HTTP request:
 "
 GET ftp://example.com/ HTTP/1.1
 Host: example.com

 "
 Squid parses and processes the HTTP request.
 Connecting to the FTP server example.com and fetching the root
 directory listing data (using FTP protocol).
 Generating an HTTP response from that data for the client.
 Everything is happy.

>
> Furthermore is it possible to configure squid in order to redirect
> unsupported requests instead of displaying error page to the user?
>

Do you know what "unsupported requests" means?

These are three examples of unsupported requests:

1) aaf9w7fkj4h\t/asfwf9\tawd/1\r\nw4vwe:sef34,t2df\n\n

2) Secure * Secure-HTTP/1.4
   Host: example.com

3) FIND /smash RDP/1.0
   Host: example.com
   Response-Action: FORWARD-ANY

Squid is *incapable* of doing anything proper with unsupported requests
simply by fact of not being able to identify what they are saying.

Amos
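
The behaviour described in the message above, as a simplified sketch added here for illustration. It is not Squid's code; the function name, the verdict strings and the accepted scheme list are assumptions. Every input is read as an HTTP request-line with no protocol detection step, so the FTP command and the three "unsupported" samples can only be rejected.

```python
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # HTTP method characters
VERSION = re.compile(r"^HTTP/\d\.\d$")
# Assumed set of URL schemes this toy gateway can fetch.
SCHEMES = ("http://", "https://", "ftp://", "gopher://", "wais://")


def parse_request_line(raw: bytes):
    """Read the first line of client input as HTTP; return (verdict, detail)."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1")
    if not line:
        # Scenario 1: the client is waiting for a greeting, so nothing arrives.
        return "WAIT", "no request yet, connection idles until the read timeout"
    parts = line.split(" ")
    if len(parts) == 2:
        method, target = parts
        version = "HTTP/0.9"          # no version field: HTTP/0.9 fallback
    elif len(parts) == 3:
        method, target, version = parts
    else:
        return "REJECT", "not a request-line"
    if not TOKEN.match(method):
        return "REJECT", f"bad method {method!r}"
    if not VERSION.match(version):
        return "REJECT", f"unknown protocol {version!r}"
    if not (target.startswith("/") or target.lower().startswith(SCHEMES)):
        # Scenario 2 ends here: the method parsed, the URL did not.
        return "REJECT", f"method {method!r} parsed, URL {target!r} invalid"
    return "ACCEPT", f"{method} {target} {version}"


# Constructed sample inputs taken from the scenarios in the message.
SAMPLES = {
    "ftp client silent": b"",
    "ftp USER command": b"USER anonymous\r\n",
    "http request for ftp url": b"GET ftp://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "unsupported 1": b"aaf9w7fkj4h\t/asfwf9\tawd/1\r\nw4vwe:sef34,t2df\n\n",
    "unsupported 2": b"Secure * Secure-HTTP/1.4\r\nHost: example.com\r\n\r\n",
    "unsupported 3": b"FIND /smash RDP/1.0\r\nHost: example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:26} -> {parse_request_line(data)}")
```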