On 08/28/2016 03:10 AM, Omid Kosari wrote:
> Alex Rousskov wrote
>> I understand that it works for regular requests. Does it also work (i.e.,
>> does Squid reset the connection) when handling a non-HTTP request on port 80?

> No, when the request is non-HTTP it does not reset the connection.

Great. Now please go back to the simpler configuration I asked you to
test some time ago:

  http_reply_access deny all
  deny_info TCP_RESET all

Does that work for non-HTTP request on port 80?

> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> http_reply_access deny test
>
>
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
>
>
> RESULT:
> HTTP/1.1 403 Forbidden

I am confused. Earlier you said "As i mention before the deny_info works
in other configs" and gave a very similar configuration example with
dstdomain ACL. Now you are showing that this example does _not_ work
even with regular requests (you are getting HTTP headers from Squid
instead of a TCP connection reset). Am I missing something?

> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> adapted_http_access deny test
>
>
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
>
>
>
> RESULT:
> note:empty, just disconnects the telnet

OK, this works as expected, but we need to get it working for the
http_reply_access IMO.

> =====
> test type:
> telnet 123.com 80
> sgsdgsdgsdgsdg
>
> RESULT:
> HTTP/1.1 400 Bad Request
> Server: squid
> Mime-Version: 1.0
> Date: Sun, 28 Aug 2016 08:56:14 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 0
> X-Cache: MISS from cache1
> X-Cache-Lookup: NONE from cache1:3128
> Connection: close

OK, this does not work, as expected (there is no matching request and/or
adapted_http_access is not evaluated at all in this case). You need
http_reply_access.

Alex.
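
A probe for the two telnet tests in the message above, as an added example that is not part of the original thread or of Squid: it reports whether the peer answered with HTTP, closed cleanly, or reset the connection, which a telnet session that "just disconnects" does not make obvious. The local stand-in listener is constructed so the block runs offline, and `classify_reply` and `start_stand_in` are hypothetical names.

```python
import socket
import struct
import threading

def classify_reply(host, port, payload, timeout=3.0):
    """Send payload; report whether the peer answered, closed, or reset."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(payload)
            data = s.recv(4096)
        except ConnectionResetError:
            return "reset"    # TCP RST, the outcome deny_info TCP_RESET is meant to give
        except socket.timeout:
            return "timeout"
    if not data:
        return "closed"       # orderly FIN with no bytes sent back
    return "http: " + data.split(b"\r\n", 1)[0].decode("latin-1")

def _serve(listener):
    # Constructed stand-in, NOT Squid: it mimics the adapted_http_access results
    # reported in the thread (RST for a parsable GET, 400 for a non-HTTP line).
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:
            return
        if conn.recv(4096).startswith(b"GET "):
            # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()

def start_stand_in():
    """Start the stand-in on an ephemeral loopback port and return that port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=_serve, args=(listener,), daemon=True).start()
    return listener.getsockname()[1]

if __name__ == "__main__":
    port = start_stand_in()
    # The same two inputs as the telnet tests: a regular request and a non-HTTP line.
    for payload in (b"GET / HTTP/1.1\r\nHost: 123.com\r\n\r\n", b"sgsdgsdgsdgsdg\r\n"):
        print(payload[:14], "->", classify_reply("127.0.0.1", port, payload))
```

To test a real proxy, call `classify_reply` with the intercepted host and port 80 in place of the stand-in.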