On 6/08/2013 12:57 a.m., Alfredo Rezinovsky wrote:
> I need a squid in tproxy mode to work in stealth mode
Please outline the requirements of your stealth mode and we might be
able to offer suggestions.
Hint: You *will* come down to the choice of whether to advertise the
proxy existence in HTTP protocol things or break clients connectivity.
Hint #2: no matter what choice you select from the above the proxy
becomes visible. Even by its action of breaking the connectivity it
reveals itself. ... There is *no* "stealth mode".
>
> I tried
> deny_info TCP_RESET all
>
Well. That tells me you will choose to break clients connectivity.
deny_info outlines the response action Squid us to deliver to the client
if an *access control* has explicitly resulted in "deny all".
It has no effect on:
* default access permission policies (ie denial due to an access control
setting being completely absent from squid.conf)
* HTTP protocol parsing or processing error responses (including
timeouts). These are *mandatory* in most cases.
* HTTP protocol auto-negotiation features. Such as rejecting unsupported
Expect: functionality. These are *mandatory* in some circumstances.
> but when squid timeouts or the destination server rejects the
> connection squid returns an error.
> I want squid to just reset the connection with no messages.
Note that some of the responses I qualified with "most cases" "some
circumstances". At present Squid has a blanket sending out of those
responses in all such occurances. This can be improved upon, but simply
does not exist yet in Squid.
Amos
Received on Tue Aug 06 2013 - 13:27:01 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 06 2013 - 12:00:15 MDT