[squid-users] Deny_Info TCP_RESET
squid at buglecreek.com
squid at buglecreek.com
Wed Mar 27 21:17:19 UTC 2019
Operating in reverse proxy mode. I'm trying to send a TCP reset in response to the acl below:
acl example_url url_regex -i [^:]+://[^0-9]*.example.com.*
deny_info TCP_RESET example_url
http_access deny example_url
Looking at the packets I see the following response:
HTTP/1.0 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Wed, 27 Mar 2019 20:36:20 GMT
Content-Type: text/html
Content-Length: 5
X-Squid-Error: TCP_RESET 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from www.example.com
X-Cache-Lookup: NONE from www.example.com:80
Via: 1.0 www.example.com (squid)
Connection: keep-alive
reset
Squid sends the headers and the word reset. Then future requests seem to work as expected. No headers are sent, the word reset isn't sent and squid ultimately sends a RST and ACK.
Then after some time or squid gets reloaded the headers are sent again, then things seem to work as I would expect.
I'm not sure if it will help, but wanted to try the following to see if that will get rid of that initial header being sent.
acl example_url url_regex -i [^:]+://[^0-9]*.example.com.*
deny_info TCP_RESET example_url
http_reply_access deny example_url
Do I still need the http_access deny example_url in addition to the http_reply_access deny example_url statement, or does the http_reply_access take the place of http_access statement:
acl example_url url_regex -i [^:]+://[^0-9]*.example.com.*
deny_info TCP_RESET example_url
http_reply_access deny example_url
http_access deny example_url
More information about the squid-users
mailing list