[squid-users] TCP_RESET non http requests on port 80

Omid Kosari omidkosari at yahoo.com
Mon Aug 29 13:40:56 UTC 2016


Alex Rousskov wrote
> On 08/28/2016 03:10 AM, Omid Kosari wrote:
>> Alex Rousskov wrote
>>> I understand that it works for regular requests. Does it also work
>>> (i.e.,
>>> does Squid reset the connection) when handling a non-HTTP request on
>>> port 80?
> 
>> No , when the request is non-HTTP it does not reset the connection .
> 
> Great. Now please go back to the simpler configuration I asked you to
> test some time ago:
> 
>   http_reply_access deny all
>   deny_info TCP_RESET all
> 
> Does that work for non-HTTP request on port 80?

config:
http_reply_access deny all
deny_info TCP_RESET all 

=====
test type:
telnet 123.com 80
sgsdgsdgsdgsdg 

RESULT: 
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Mon, 29 Aug 2016 13:30:47 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 5
X-Cache: MISS from cache1
X-Cache-Lookup: NONE from cache1:3128
Connection: close

reset

Connection to host lost.
==========================================




Alex Rousskov wrote
> I am confused. Earlier you said "As i mention before the deny_info works
> in other configs" and gave a very similar configuration example with
> dstdomain ACL. Now you are showing that this example does _not_ work
> even with regular requests (you are getting HTTP headers from Squid
> instead of a TCP connection reset). Am I missing something?

Sorry i mean with adapted_http_access . Maybe my typo 





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-RESET-non-http-requests-on-port-80-tp4679102p4679239.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list