On 25/08/2016 12:39 a.m., Omid Kosari wrote: > This config works for dstdomain acl type > > acl test dstdomain 123.com > deny_info TCP_RESET test > adapted_http_access deny test > > > but it is not what i want . I want > > acl status_400 http_status 400 > deny_info TCP_RESET status_400 > adapted_http_access deny status_400 > > OR > > acl HTTP proto HTTP > acl PORT_80 port 80 > deny_info TCP_RESET PORT_80 !HTTP > adapted_http_access deny PORT_80 !HTTP >
Status code is only available in the response processing pathways. So use "http_reply_access deny test". As Alex showed the generated errors do go through that access control. For better control Squid-4 will be needed, and also the on_unsupported_protocol will need patching to be applied when HTTP parser detects unsupported protocol on port 80 (or 3128). AFAIK it is currently only done by SSL-Bump'ing code detecting non-TLS protocols on port 443. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
