[squid-users] TCP_RESET non http requests on port 80

Alex Rousskov rousskov at measurement-factory.com
Sat Aug 27 21:41:26 UTC 2016


On 08/27/2016 05:44 AM, Omid Kosari wrote:
> Alex Rousskov wrote
>> I recommend starting with something like this:
>>
>>   http_reply_access deny all
>>   deny_info TCP_RESET all
>>
>> Does that reset all connections to Squid (after Squid fetches the reply)?
> 
> Thanks for the reply.
> 
> As I mentioned before, the deny_info works in other configs

AFAICT, the examples you mentioned before were all wrong, for one reason
or another.


> for example 
> 
> acl test dstdomain 123.com
> deny_info TCP_RESET test
> http_reply_access deny test 
> 
> works fine and it only resets the connection without any additional headers.

You have not mentioned the above example before AFAICT. I understand
that it works for regular requests. Does it also work (i.e., does Squid
reset the connection) when handling a non-HTTP request on port 80?


> But if you are looking for a special purpose, I will schedule a maintenance time
> and do the following config as you said.
> 
>   http_reply_access deny all
>   deny_info TCP_RESET all

We can start with dstdomain if that is easier for you. I am surprised
you are testing this on a live Squid though. It would be much easier to
get it working in a lab first...

Alex.
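
A lab check for the question asked in this message, whether the listener resets the connection or answers with an HTTP reply when it is sent non-HTTP bytes. This is an added example, not code from the thread or from the Squid project. The names `probe`, `start_stub` and `NON_HTTP` are hypothetical, and the stub server is a constructed stand-in that only imitates the two outcomes so the script runs offline.

```python
import socket
import struct
import threading

# Constructed non-HTTP payload (arbitrary bytes, not a valid request line).
NON_HTTP = b"\x00\x01 not an http request\r\n\r\n"

def probe(host, port, payload=NON_HTTP, timeout=3.0):
    """Send non-HTTP bytes and classify how the peer ends the connection."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            data = s.recv(4096)
        except ConnectionResetError:
            return "reset"        # peer aborted with TCP RST
        except socket.timeout:
            return "timeout"      # peer kept the connection open
    if not data:
        return "closed"           # orderly FIN, nothing sent back
    return "http-reply" if data.startswith(b"HTTP/") else "other-data"

def start_stub(mode):
    """Constructed stand-in for the proxy (not Squid): 'reset' or 'error'."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        if mode == "reset":
            # SO_LINGER on with zero timeout: close() sends RST, not FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        else:
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n"
                         b"Connection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for mode in ("reset", "error"):
        print(mode, "->", probe("127.0.0.1", start_stub(mode)))
```

Pointing `probe()` at the lab Squid's port 80 listener instead of the stub shows which of these outcomes the configuration under test produces.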


