I put together a patch that might be helpful for code red sufferers.
With the patch, you can make Squid reset the client's TCP connection
instead of sending back an error message. After applying the patch
(to squid-2.4), you'd use it something like this in squid.conf:
acl codered url_regex /default.ida.... (whatever identifies the worm)
deny_info ERR_RESET codered
http_access deny codered
then, just put the word 'reset' in ERR_RESET:
echo reset > /usr/local/squid/etc/errors/ERR_RESET
then restart/reconfigure Squid.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:36 MST