[squid-users] TCP_RESET non http requests on port 80

Alex Rousskov rousskov at measurement-factory.com
Sun Aug 28 23:53:26 UTC 2016


On 08/28/2016 03:10 AM, Omid Kosari wrote:
> Alex Rousskov wrote
>> I understand that it works for regular requests. Does it also work (i.e.,
>> does Squid reset the connection) when handling a non-HTTP request on port 80?

> No, when the request is non-HTTP it does not reset the connection.

Great. Now please go back to the simpler configuration I asked you to
test some time ago:

  http_reply_access deny all
  deny_info TCP_RESET all

Does that work for a non-HTTP request on port 80?



> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> http_reply_access deny test 
> 
> 
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
> 
> 
> RESULT:
> HTTP/1.1 403 Forbidden

I am confused. Earlier you said "As i mention before the deny_info works
in other configs" and gave a very similar configuration example with
dstdomain ACL. Now you are showing that this example does _not_ work
even with regular requests (you are getting HTTP headers from Squid
instead of a TCP connection reset). Am I missing something?



> config:
> acl test dst 69.58.188.49
> deny_info TCP_RESET test
> adapted_http_access deny test
> 
> 
> =====
> test type:
> telnet 123.com 80
> GET / HTTP/1.1
> host: 123.com
> 
> 
> 
> RESULT:
> note:empty, just disconnects the telnet

OK, this works as expected, but we need to get it working for the
http_reply_access IMO.


> =====
> test type:
> telnet 123.com 80
> sgsdgsdgsdgsdg
> 
> RESULT:
> HTTP/1.1 400 Bad Request
> Server: squid
> Mime-Version: 1.0
> Date: Sun, 28 Aug 2016 08:56:14 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 0
> X-Cache: MISS from cache1
> X-Cache-Lookup: NONE from cache1:3128
> Connection: close

OK, this does not work, as expected (there is no matching request and/or
adapted_http_access is not evaluated at all in this case). You need
http_reply_access.

Alex.
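
The telnet checks in this thread, as an added example that is not part of the original message: telnet reports a TCP reset and an orderly close the same way ("just disconnects"), so this probe classifies the outcome explicitly. The `probe` and `start_stub` names are hypothetical, and the loopback stub is a constructed stand-in for the proxy so the script runs offline.

```python
import socket
import struct
import threading

# Payloads taken from the telnet tests quoted in the thread.
VALID = b"GET / HTTP/1.1\r\nHost: 123.com\r\n\r\n"
GARBAGE = b"sgsdgsdgsdgsdg\r\n"

def probe(host, port, payload, timeout=5.0):
    """Send payload; return 'reset', 'closed', 'timeout', 'http <status>' or 'other'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(payload)
            data = s.recv(4096)
        except (ConnectionResetError, BrokenPipeError):
            return "reset"      # peer answered with TCP RST
        except socket.timeout:
            return "timeout"
    if not data:
        return "closed"         # orderly FIN: telnet shows this the same as a reset
    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/"):
        return "http " + parts[1]
    return "other"

def start_stub(mode):
    """Constructed loopback stand-in for the proxy; mode is 'reset', 'fin' or 'http400'."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        if mode == "reset":
            # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        elif mode == "http400":
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for mode in ("reset", "fin", "http400"):
        print(mode, "->", probe("127.0.0.1", start_stub(mode), GARBAGE))
```

Pointing `probe()` at the proxy's port 80 with `VALID` and then `GARBAGE` repeats the two tests from the thread against a real configuration.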
