RE: [squid-users] deny_info TCP_RESET all ?

From: <vincent.blondel_at_ing.be>
Date: Mon, 25 Aug 2008 16:45:10 +0200

vincent.blondel_at_ing.be wrote:
> just one little question. I am trying to get 'deny_info TCP_RESET all'
> working but cannot. I get a sunos 5.8 running a squid 2.6.12 and I would
> like not sending any error page to all clients.
>
> Maybe I did not really understand the real meaning of this statement but
> I understand that a reset plus the right error code are sent to any
> clients including localhost and/or world to any error including 400 503
> ..
>
> I already tried to put this line everywhere in my config file but when I
> simply try to telnet the squid server with any statement, let's
> blablabla, I always get a text/html 503 error page.
>
> Can somebody help me troubleshoot this problem .. thks in advance .

What that config statement means is:

  When user is blocked by the 'all' ACL, reset their TCP connection immediately.

okay .. I see what you mean ...

To use: add 'all' at the end of each *_access line you want clients to
receive no error page from.

now ... let us take an example ... let's imagine somebody connects to
this squid and types something completely wrong ...

$ telnet localhost 80
..
Escape character is '^]'.
hsjhdqksdkqshdkjqshkd
..

this is the config ..

acl PROTO proto HTTP
acl METHOD method GET
..
http_access deny !PROTO
deny_info TCP_RESET PROTO
..
http_access deny !METHOD
deny_info TCP_RESET METHOD

below are the lines I received in the cache.log file ( with debug activated
so I get the internal parsing ). You see squid really complains due to the
invalid method, so it considers this a bad request ..

2008/08/25 16:26:18| parseHttpRequest: Unsupported method 'hsjhdqksdkqshdkjqshkd
2008/08/25 16:26:18| clientReadRequest: FD 13 (x.x.x.x:50535) Invalid Request

but as you can see I still get a text/html response ..

$ telnet localhost 80
..
Escape character is '^]'.
hsjhdqksdkqshdkjqshkd
HTTP/1.0 400 Bad Request
Server: squid/2.6.STABLE16
Date: Mon, 25 Aug 2008 14:26:18 GMT
Content-Type: text/html
Content-Length: 1200
Expires: Mon, 25 Aug 2008 14:26:18 GMT
..

So I tested some other things with success and I see your explanation is
completely right ... but what did I do wrong in this case ??

thks for your help.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE8
Received on Mon Aug 25 2008 - 14:45:20 MDT
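
An added example, not part of the original thread and not Squid's own code: a small linter for the rule discussed above, that Squid selects the deny_info entry by the name of the last ACL on the denying *_access line. The function name `reset_coverage` and the sample config are constructed for illustration; the sample reuses the ACL names from the message and adds one rule ending in 'all' as the reply suggests.

```python
# Constructed sample config: ACL names taken from the message above, with one
# rule written the way the reply suggests (ending in 'all').
SAMPLE_CONF = """\
acl PROTO proto HTTP
acl METHOD method GET
http_access deny !PROTO
deny_info TCP_RESET PROTO
http_access deny !METHOD all
deny_info TCP_RESET all
http_access deny !METHOD
http_access allow all
"""


def reset_coverage(conf_text):
    """Return (lineno, rule, last_acl, resets) for every '*_access deny' line.

    'resets' is True when a 'deny_info TCP_RESET <acl>' line names the last
    ACL of that rule, i.e. the client gets a TCP reset instead of an error page.
    """
    reset_acls = set()
    deny_rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(tokens) < 3:
            continue
        directive = tokens[0]
        if directive == "deny_info" and tokens[1] == "TCP_RESET":
            reset_acls.add(tokens[2])
        elif directive.endswith("_access") and tokens[1] == "deny":
            # deny_info is looked up by ACL name, so strip the negation mark.
            last_acl = tokens[-1].lstrip("!")
            deny_rules.append((lineno, " ".join(tokens), last_acl))
    # deny_info may appear after the rule it applies to, so resolve at the end.
    return [(n, rule, acl, acl in reset_acls) for n, rule, acl in deny_rules]


if __name__ == "__main__":
    for lineno, rule, acl, resets in reset_coverage(SAMPLE_CONF):
        outcome = "TCP reset" if resets else "error page"
        print(f"line {lineno}: {rule!r} -> last ACL {acl!r}: {outcome}")
```

The linter looks only at access rules. It says nothing about errors Squid raises while parsing a request, such as the "Unsupported method" lines in the cache.log excerpt above, because those occur before any access rule is consulted.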
