Search squid archive

Re: TCP_RESET non http requests on port 80

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/29/2016 07:40 AM, Omid Kosari wrote:
> config:
> http_reply_access deny all
> deny_info TCP_RESET all 
> 
> =====
> test type:
> telnet 123.com 80
> sgsdgsdgsdgsdg 
> 
> RESULT: 
> HTTP/1.1 403 Forbidden
> Server: squid
> Mime-Version: 1.0
> Date: Mon, 29 Aug 2016 13:30:47 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 5
> X-Cache: MISS from cache1
> X-Cache-Lookup: NONE from cache1:3128
> Connection: close
> 
> reset

and

> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> http_reply_access deny test 
> 
> 
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
> 
> 
> RESULT:
> HTTP/1.1 403 Forbidden
> Server: squid
> Mime-Version: 1.0
> Date: Sun, 28 Aug 2016 08:45:23 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 5
> X-Cache: MISS from cache1
> X-Cache-Lookup: MISS from cache1:3128
> Connection: keep-alive
> 
> reset


Based on v3.5.19 test results you have posted, your Squid does not honor
deny_info when processing http_reply_access. This problem definitely
affects error messages generated by non-HTTP requests and probably
affects regular responses as well. Most likely, Squid modifications
would be required to fix/improve this. The next steps are outlined at

http://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux