[squid-users] TCP_RESET non http requests on port 80
Alex Rousskov
rousskov at measurement-factory.com
Sat Aug 27 21:41:26 UTC 2016
On 08/27/2016 05:44 AM, Omid Kosari wrote:
> Alex Rousskov wrote
>> I recommend starting with something like this:
>>
>> http_reply_access deny all
>> deny_info TCP_RESET all
>>
>> Does that reset all connections to Squid (after Squid fetches the reply)?
>
> Thanks for reply .
>
> As i mention before the deny_info works in other configs
AFAICT, the examples you mentioned before were all wrong, for one reason
or another.
> for example
>
> acl test dstdomain 123.com
> deny_info TCP_RESET test
> http_reply_access deny test
>
> works fine and it only reset the connection without any additional headers .
You have not mentioned the above example before AFAICT. I understand
that it works for regular requests. Does it also work (i.e., does Squid
reset the connection) when handling a non-HTTP request on port 80?
> But if you looking for special purpose i will schedule a maintenance time
> and do following config as you said .
>
> http_reply_access deny all
> deny_info TCP_RESET all
We can start with dstdomain if that is easier for you. I am surprised
you are testing this on a live Squid though. It would be much easier to
get it working in a lab first...
Alex.
More information about the squid-users
mailing list