[squid-users] TCP_RESET non http requests on port 80
Alex Rousskov
rousskov at measurement-factory.com
Sun Aug 28 23:53:26 UTC 2016
On 08/28/2016 03:10 AM, Omid Kosari wrote:
> Alex Rousskov wrote
>> I understand that it works for regular requests. Does it also work (i.e.,
>> does Squid reset the connection) when handling a non-HTTP request on port 80?
> No, when the request is non-HTTP it does not reset the connection.

Great. Now please go back to the simpler configuration I asked you to
test some time ago:

    http_reply_access deny all
    deny_info TCP_RESET all

Does that work for a non-HTTP request on port 80?

> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> http_reply_access deny test
>
>
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
>
>
> RESULT:
> HTTP/1.1 403 Forbidden

I am confused. Earlier you said "As i mention before the deny_info works
in other configs" and gave a very similar configuration example with
dstdomain ACL. Now you are showing that this example does _not_ work
even with regular requests (you are getting HTTP headers from Squid
instead of a TCP connection reset). Am I missing something?

> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> adapted_http_access deny test
>
>
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
>
>
>
> RESULT:
> note: empty, just disconnects the telnet

OK, this works as expected, but we need to get it working for the
http_reply_access IMO.

> =====
> test type:
> telnet 123.com 80
> sgsdgsdgsdgsdg
>
> RESULT:
> HTTP/1.1 400 Bad Request
> Server: squid
> Mime-Version: 1.0
> Date: Sun, 28 Aug 2016 08:56:14 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 0
> X-Cache: MISS from cache1
> X-Cache-Lookup: NONE from cache1:3128
> Connection: close

OK, this does not work, as expected (there is no matching request and/or
adapted_http_access is not evaluated at all in this case). You need
http_reply_access.

Alex.
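
A scripted version of the telnet tests in this thread, as an added example that is not part of the original message or written by its participants: it tells a TCP reset apart from an HTTP error reply such as the 403 and 400 shown above. The `fake_listener` helper and the loopback addresses are constructed stand-ins for a proxy port, assumed here so the script runs offline.

```python
import socket
import struct
import threading
# The two inputs typed into telnet in the thread above.
REGULAR_PROBE = b"GET / HTTP/1.1\r\nhost: 123.com\r\n\r\n"
NON_HTTP_PROBE = b"sgsdgsdgsdgsdg\r\n"

def classify_reaction(host, port, payload, timeout=3.0):
    """Send payload and report the peer's reaction: 'reset' (TCP RST),
    'http <code>', 'closed' (orderly close, no data), 'other-data', 'timeout'."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            while b"\r\n" not in data and len(data) < 4096:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except (ConnectionResetError, BrokenPipeError):
        return "reset"
    except socket.timeout:
        return "timeout"
    if not data:
        return "closed"
    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        return "http " + parts[1]
    return "other-data"

def fake_listener(reply):
    """Constructed local stand-in for the proxy: sends reply, or a RST if None."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # consume the probe so close() behaves predictably
        if reply is None:  # zero-timeout SO_LINGER makes close() send a RST
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for reply in (None, b"HTTP/1.1 400 Bad Request\r\n\r\n"):
        print(classify_reaction("127.0.0.1", fake_listener(reply), NON_HTTP_PROBE))
```

Against a test proxy you administer, pass its address and port to `classify_reaction` in place of the fake listener; a working `deny_info TCP_RESET` rule should yield `reset` for both probes.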