Re: [squid-users] deny_info TCP_RESET all for hiding squid

2013-08-06 Thread Amos Jeffries

On 6/08/2013 12:57 a.m., Alfredo Rezinovsky wrote:

> I need a squid in tproxy mode to work in stealth mode


Please outline the requirements of your stealth mode and we might be 
able to offer suggestions.



Hint: You *will* come down to the choice of whether to advertise the 
proxy's existence in HTTP protocol things or break clients' connectivity.


Hint #2: no matter what choice you select from the above the proxy 
becomes visible. Even by its action of breaking the connectivity it 
reveals itself. ... There is *no* stealth mode.




> I tried
> deny_info TCP_RESET all



Well. That tells me you will choose to break clients' connectivity.

deny_info outlines the response action Squid is to deliver to the client 
if an *access control* has explicitly resulted in deny all.


It has no effect on:
* default access permission policies (ie denial due to an access control 
setting being completely absent from squid.conf)
* HTTP protocol parsing or processing error responses (including 
timeouts). These are *mandatory* in most cases.
* HTTP protocol auto-negotiation features. Such as rejecting unsupported 
Expect: functionality. These are *mandatory* in some circumstances.


> but when squid times out or the destination server rejects the 
> connection squid returns an error.
>
> I want squid to just reset the connection with no messages.


Note that some of the responses I qualified with "most cases" and "some 
circumstances". At present Squid has a blanket sending out of those 
responses in all such occurrences. This can be improved upon, but simply 
does not exist yet in Squid.


Amos
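
The scope of deny_info described in the reply above, as an added squid.conf fragment (not part of the original thread). The port number, the client range and the ACL names `localnet` and `blocked` are constructed assumptions.

```conf
# Added example; all names and values below are constructed.
# TPROXY listener (port number is an assumption).
http_port 3129 tproxy

# Constructed client range and a constructed destination to refuse.
acl localnet src 192.0.2.0/24
acl blocked dstdomain .example.net

# Explicit access-control denials: these are the only outcomes
# that deny_info can shape.
http_access deny blocked
http_access allow localnet
http_access deny all

# deny_info is looked up by the last ACL named on the http_access
# deny line that matched, so each ACL that should produce a reset
# needs its own entry.
deny_info TCP_RESET blocked
deny_info TCP_RESET all

# Not affected by the deny_info lines above (per the reply):
#  - denial due to an access control setting being completely
#    absent from squid.conf (default policy)
#  - HTTP parsing or processing error responses, including timeouts
#  - HTTP auto-negotiation responses such as rejecting unsupported
#    Expect: functionality
# A request from localnet to an unreachable origin is allowed by
# http_access, so the connection failure still produces a Squid
# error response rather than a reset.
```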


[squid-users] deny_info TCP_RESET all for hiding squid

2013-08-05 Thread Alfredo Rezinovsky

I need a squid in tproxy mode to work in stealth mode

I tried
deny_info TCP_RESET all

but when squid times out or the destination server rejects the connection 
squid returns an error.

I want squid to just reset the connection with no messages.

--
Alfrenovsky