On 08/29/2016 07:40 AM, Omid Kosari wrote: > config: > http_reply_access deny all > deny_info TCP_RESET all > > ===== > test type: > telnet 123.com 80 > sgsdgsdgsdgsdg > > RESULT: > HTTP/1.1 403 Forbidden > Server: squid > Mime-Version: 1.0 > Date: Mon, 29 Aug 2016 13:30:47 GMT > Content-Type: text/html;charset=utf-8 > Content-Length: 5 > X-Cache: MISS from cache1 > X-Cache-Lookup: NONE from cache1:3128 > Connection: close > > reset and > config: > acl test dst 69.58.188.49 > deny_info TCP_RESET test > http_reply_access deny test > > > ===== > test type: > telnet 123.com 80 > GET / HTTP/1.1 > host: 123.com > > > RESULT: > HTTP/1.1 403 Forbidden > Server: squid > Mime-Version: 1.0 > Date: Sun, 28 Aug 2016 08:45:23 GMT > Content-Type: text/html;charset=utf-8 > Content-Length: 5 > X-Cache: MISS from cache1 > X-Cache-Lookup: MISS from cache1:3128 > Connection: keep-alive > > reset Based on v3.5.19 test results you have posted, your Squid does not honor deny_info when processing http_reply_access. This problem definitely affects error messages generated by non-HTTP requests and probably affects regular responses as well. Most likely, Squid modifications would be required to fix/improve this. The next steps are outlined at http://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
