[squid-users] Making squid discrete when facing protocol error messages?

Amos Jeffries squid3 at treenet.co.nz
Sat Jul 2 03:59:57 UTC 2016


On 2/07/2016 6:27 a.m., Kristopher Lalletti wrote:
> I'm looking for the ACL / option / feature that will prevent SQUID
> from presenting an error page for reasons like "ERR_INVALID_REQ" and
> any other reasons.
> 
> Basically, id's want something like this:
> 
> acl 400 http_status 400
> deny_info TCP_RESET 400
> 
> But, it appears that the ACLs are not parsed when it's a protocol
> error, which suggests that this is happening at a much lower level,
> because not even my "reply_header_access X-Squid-Error deny all" ACL
> is taking effect for this condition.
> 

Correct, there isn't a way ACLs can do that. Protocol errors in the
request message are handled right at the beginning when all Squid has to
work with is a TCP socket. Their very nature means the HTTP has not yet
started - the failing message would have been the start if it was not
invalid.

reply_header_access by contrast is almost the last thing to happen, when
the server has produced a response and Squid is about to start its
delivery back to the client.

The 'invalid-request' response Squid generates is the first step in
failure recovery. Informing the client that HTTP is a minimum
requirement for using that port.

Amos



More information about the squid-users mailing list