On Tue, Sep 18, 2007, Ian wrote:
> Hi,
>
> I have read the mailing lists and am aware (from old mailing list
> emails) that if squid receives the request it has to pass on an error
> page in certain circumstances.
Its not quite true - there's a "send TCP RST on certain errors" option
somewhere.
> I was wondering though if it would all be possible to not pass on an
> error page (maybe in a future version) if an error is found. If a
> connection failure then dont do anything and just let the browser time
> out etc? It seems more logical in ISP transparent cache environments
> where error pages cause more problems than they solve due to
> webservers being down, incorrect urls etc.
The only way to (portably) timeout a connection is to leave the socket
open until the browser decides its been too long. I'm not quite sure
this'll work the way you intend and its a definite DoS possibility
to your cache.
> In the meantime does anyone have a workaround or some other way I
> could do this (other than using online forms to capture data, or
> removing all contact details from the error page)
I've thought about it. I jotted down some brainstorming ideas when
thinking about how to handle asymmetric TCP flows during transparent
interception - http://www.creative.net.au/node/72 - it'd possibly
also "solve" your issues. I don't think its possible with current
kernels btw, you'd have to modify them to do the splicing.
Adrian
Received on Tue Sep 18 2007 - 00:24:57 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT