Re: [squid-users] Warning: ACL is used in context without an HTTP response
On 9/25/19 11:07 AM, Alessandro Andrei wrote: > acl AuthResponse407 http_status 407 > acl excludefromlog dstdomain .vortex-win.data.microsoft.com > acl DoNotLog any-of AuthResponse407 excludefromlog > access_log stdio:/var/log/squid/access.log logformat=squid !DoNotLog > it's not clear to me how this check should be done in my > configuration Here are two untested sketches using the following basic ACL: acl Response407 http_status 407 acl ToVortex dstdomain .vortex-win.data.microsoft.com acl HasResponse has response * If you want to log non-vortex transactions without responses: acl Silenced all-of ToVortex acl Silenced all-of HasResponse Response407 access_log ... !Silenced * If you do _not_ want to log transactions without responses: acl Silenced all-of ToVortex acl Silenced all-of !HasResponse acl Silenced all-of Response407 access_log ... !Silenced HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Warning: ACL is used in context without an HTTP response
On 25/09/2019 15:29, Alex Rousskov wrote: On 9/25/19 7:12 AM, Alessandro Andrei wrote: My access_log file il flooded with messages that I do not want to see Specifically 1) CONNECT vortex-win.data.microsoft.com 2) TCP_DENIED/407 So I created two ACLs to exclude them from logging and applied it to my access log acl AuthRequest http_status 407 acl excludefromlog dstdomain .vortex-win.data.microsoft.com access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest !excludefromlog FYI: If you have two unwanted record kinds (one CONNECT and one TCP_DENIED/407), then you should use a different rule to block _each_ record kind. The current rule only blocks logging of records that match _both_ conditions. Look for any-of ACL. Of course, silly me! Changed to acl AuthResponse407 http_status 407 acl excludefromlog dstdomain .vortex-win.data.microsoft.com acl DoNotLog any-of AuthResponse407 excludefromlog access_log stdio:/var/log/squid/access.log logformat=squid !DoNotLog but isn't there a way to avoid all this? You can try patching your Squid or testing the fixed version. The former may be difficult if you are not running master-based code (future v5). I'm running version 3.5.20, the one that is installed by default with Centos 7 repos I guess I should download and compile version 4.8... You may also be able to avoid the WARNING if you adjust the rule to check the "has response" condition before checking AuthRequest. Look for the "has" ACL. However, you would have to decide whether to log all records that lack responses. If any of those responses are absent due to Squid bugs, your decision, whatever it is, may be incorrect in some cases. OK, if I get it correctly the "has" ACL requires version 4, so I DO have to upgrade Anyway it's not clear to me how this check should be done in my configuration Thanks! ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Warning: ACL is used in context without an HTTP response
On 9/25/19 7:12 AM, Alessandro Andrei wrote: > My access_log file il flooded with messages that I do not want to see > > Specifically > 1) CONNECT vortex-win.data.microsoft.com > 2) TCP_DENIED/407 > > So I created two ACLs to exclude them from logging and applied it to my > access log > > acl AuthRequest http_status 407 > acl excludefromlog dstdomain .vortex-win.data.microsoft.com > access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest > !excludefromlog FYI: If you have two unwanted record kinds (one CONNECT and one TCP_DENIED/407), then you should use a different rule to block _each_ record kind. The current rule only blocks logging of records that match _both_ conditions. Look for any-of ACL. > It works but now my cache.log is flooded with > WARNING: AuthRequest ACL is used in context without an HTTP response. > Assuming mismatch. > I read in the mailing list archives this is the correct behaviour, In the context of access_log, it is most likely a Squid bug. We have recently fixed one similar bug but there may be more: https://github.com/squid-cache/squid/pull/476 BTW, AuthRequest name is misleading. I know what you meant, but the http_status ACL checks the response, not the request. > but isn't there a way to avoid all this? You can try patching your Squid or testing the fixed version. The former may be difficult if you are not running master-based code (future v5). You may also be able to avoid the WARNING if you adjust the rule to check the "has response" condition before checking AuthRequest. Look for the "has" ACL. However, you would have to decide whether to log all records that lack responses. If any of those responses are absent due to Squid bugs, your decision, whatever it is, may be incorrect in some cases. Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Warning: ACL is used in context without an HTTP response
My access_log file il flooded with messages that I do not want to see Specifically 1) CONNECT vortex-win.data.microsoft.com 2) TCP_DENIED/407 So I created two ACLs to exclude them from logging and applied it to my access log acl AuthRequest http_status 407 acl excludefromlog dstdomain .vortex-win.data.microsoft.com access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest !excludefromlog It works but now my cache.log is flooded with WARNING: AuthRequest ACL is used in context without an HTTP response. Assuming mismatch. I read in the mailing list archives this is the correct behaviour, but isn't there a way to avoid all this? Thanks ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users