[squid-users] TCP_RESET non http requests on port 80

Alex Rousskov rousskov at measurement-factory.com
Mon Aug 29 14:14:20 UTC 2016


On 08/29/2016 07:40 AM, Omid Kosari wrote:
> config:
> http_reply_access deny all
> deny_info TCP_RESET all 
> 
> =====
> test type:
> telnet 123.com 80
> sgsdgsdgsdgsdg 
> 
> RESULT: 
> HTTP/1.1 403 Forbidden
> Server: squid
> Mime-Version: 1.0
> Date: Mon, 29 Aug 2016 13:30:47 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 5
> X-Cache: MISS from cache1
> X-Cache-Lookup: NONE from cache1:3128
> Connection: close
> 
> reset

and

> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> http_reply_access deny test 
> 
> 
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
> 
> 
> RESULT:
> HTTP/1.1 403 Forbidden
> Server: squid
> Mime-Version: 1.0
> Date: Sun, 28 Aug 2016 08:45:23 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 5
> X-Cache: MISS from cache1
> X-Cache-Lookup: MISS from cache1:3128
> Connection: keep-alive
> 
> reset


Based on v3.5.19 test results you have posted, your Squid does not honor
deny_info when processing http_reply_access. This problem definitely
affects error messages generated by non-HTTP requests and probably
affects regular responses as well. Most likely, Squid modifications
would be required to fix/improve this. The next steps are outlined at

http://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F

Alex.
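
To tell the two outcomes apart from the client side when re-testing a configuration like the ones quoted above, the check below distinguishes a real TCP reset from the 403 page with the body "reset". It is an added example, not part of the original message or of Squid; the function names, the return labels and the sample reply bytes are constructed here, with the sample modelled on the RESULT quoted in the post.

```python
import socket

# Constructed sample, modelled on the RESULT quoted in the post.
SAMPLE_REPLY = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Server: squid\r\n"
    b"Content-Length: 5\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"reset"
)

def classify_reply(raw: bytes) -> str:
    """Classify the bytes a client read back after a denied request."""
    if not raw:
        return "closed-without-data"
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdecimal():
        return "non-http-data"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    length = headers.get("content-length", "")
    if length.isdecimal():
        body = body[:int(length)]
    # Pattern from the post: a 403 page whose entire body is the word "reset".
    if parts[1] == "403" and body == b"reset":
        return "error-page-instead-of-reset"
    return "http-" + parts[1]

def probe(host: str, port: int, payload: bytes, timeout: float = 5.0) -> str:
    """Send payload; report a real TCP reset or classify whatever came back."""
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(payload)
            while True:
                try:
                    data = sock.recv(4096)
                except socket.timeout:
                    break  # keep-alive reply: server left the connection open
                if not data:
                    break
                chunks.append(data)
    except (ConnectionResetError, BrokenPipeError):
        return "tcp-reset"
    return classify_reply(b"".join(chunks))
```

Run `probe()` through your own proxy with the two inputs from the tests above (the junk line and the `GET / HTTP/1.1` request); a result of `error-page-instead-of-reset` matches the behaviour reported in this thread.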
