[squid-users] TCP_RESET non http requests on port 80

Alex Rousskov rousskov at measurement-factory.com
Wed Aug 24 14:47:09 UTC 2016


On 08/24/2016 07:54 AM, Amos Jeffries wrote:
> on_unsupported_protocol will need patching to be applied when HTTP
> parser detects unsupported protocol on port 80 (or 3128).

on_unsupported_protocol determines (among other things) Squid behavior
when encountering a strange (i.e., probably non-HTTP) request at the
beginning of an accepted TCP connection (where Squid expects to see an
HTTP request). Thus, the existing implementation should cover non-HTTP
requests on port 80 (or 3128). If it does not, it is a bug. We should
polish the documentation to make this clear.


> AFAIK it is
> currently only done by SSL-Bump'ing code detecting non-TLS protocols on
> port 443.

Yes, the above use case is also covered by the existing implementation.

You might also be thinking about non-HTTP inside a bumped TLS tunnel.
IIRC, that is indeed not supported, but Factory is working on that.


HTH,

Alex.


