On Thu, Apr 22, 2010 at 02:55:43PM +0200, Jan-Frode Myklebust wrote:
> On 2010-04-21, Willy Tarreau <w#1wt.eu> wrote:
> >
> > You can also use haproxy in front of squid to suppress the 502 in the
> > response, because you can make it block this response (which normally
> > also causes a 502 to be sent to the client), but you can define what
> > to send on the 502 error. Basically it would look like this :
> >
> > rspdeny ^HTTP/1.0\ 502
> > errorfile 502 /dev/null
>
> Yes, thanks, this works. And I see I can also block it earlier using reqdeny.
>
> reqdeny ^HEAD
> errorfile 403 /dev/null
ah if you only need to block HEAD requests, you'd better use ACLs then, it's cheaper :
http-request deny if { METH_HEAD } errorfile 403 /dev/null
You may even send those requests to a specific backend with its own error page so that you don't disturb the normal error 403 processing.
>
> > BTW, I'm recalling that squid also supports custom error responses,
> > but I don't know if you can rewrite the status code or not.
>
> Yes, maybe, but the squid cache is shared by lots of other clients, while
> we only need to block a subset of these and can point them at a separate
> port. So HAproxy looks like a good solution for this. Although it's a hack
> I definitely would prefer not to go into production with.. better to fix
> the clients if we can.
yes, and if you go in prod with this, the application's developers will pretend there is no problem because it obviously works...
Willy Received on 2010/04/22 23:12
This archive was generated by hypermail 2.2.0 : 2010/04/22 23:15 CEST