Re: [squid-users] Can one run cache_log thru an ACL?

2007-12-10 Thread Adrian Chadd
On Mon, Dec 10, 2007, Tory M Blue wrote:

> > If it's your script/server causing those, needs fixing to only send the
> > length header when length is pre-known.
> > Otherwise you are under attack and have much bigger problems than squid.
> 
> Okay well the data is not static, so I do not believe the length is
> known until the transaction completes (A search for example, the site
> can't provide any length information, until the search, dynamic stuff
> is generated). You cite "if pre-known", what if it's not pre-known,
> then what is one supposed to do in this scenario?

Then don't set a Content-Length in your reply and, if the request was
HTTP/1.1, use chunked encoding if you would like to play nice and support
persistent connections.


Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
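
The framing choice described in the reply above, as an added example that is not part of the original thread or of Squid: a response of unknown length is sent chunked to HTTP/1.1 clients and delimited by connection close otherwise, and a small check counts body bytes beyond a declared Content-Length. All function names and the sample data are assumptions made for illustration.

```python
# Added illustration; names and sample data are constructed, not Squid code.
CHUNKS = [b"<ul>", b"<li>result</li>", b"</ul>"]   # pieces of a dynamic page
# Constructed faulty reply: declares 4 bytes but sends 24.
BROKEN = b"HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\n" + b"".join(CHUNKS)

def frame_response(chunks, request_version):
    """Frame a body whose total length is not known in advance."""
    head = [b"HTTP/1.1 200 OK", b"Content-Type: text/html"]
    if request_version == "HTTP/1.1":
        # Each chunk carries its own size in hex, so no Content-Length is
        # needed and the connection can stay persistent.
        head.append(b"Transfer-Encoding: chunked")
        body = b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in chunks if c)
        body += b"0\r\n\r\n"                      # zero-size chunk ends the body
    else:
        # Older client: no chunking, so the end of the body is signalled
        # by closing the connection. Still no Content-Length.
        head.append(b"Connection: close")
        body = b"".join(chunks)
    return b"\r\n".join(head) + b"\r\n\r\n" + body

def parse(raw):
    """Split a raw reply into a lower-cased header dict and the body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def excess_bytes(raw):
    """Body bytes received beyond the declared Content-Length (0 if not declared)."""
    headers, body = parse(raw)
    if b"transfer-encoding" in headers or b"content-length" not in headers:
        return 0
    return max(0, len(body) - int(headers[b"content-length"]))

def decode_chunked(body):
    """Reassemble a chunked body (no trailers or chunk extensions handled)."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol], 16)
        if size == 0:
            return out
        out += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2                  # skip the data and its CRLF
```
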


Re: [squid-users] Can one run cache_log thru an ACL?

2007-12-10 Thread Tory M Blue
On Dec 10, 2007 5:18 PM, Amos Jeffries <[EMAIL PROTECTED]> wrote:

> Well, this is a critical error for the data connection.
> A source server is pumping data into squid without proper HTTP header
> information to say what it is.
>
> The server is sending a Content-Length: header with the wrong length (too
> short). Squid notices more data than was told about and terminates
> connection to that source.
>
> It's a design feature added to protect against several very nasty bits of
> viral/trojan/worm infection out in the web and alert people to when it
> happens.
>
> If it's your script/server causing those, needs fixing to only send the
> length header when length is pre-known.
> Otherwise you are under attack and have much bigger problems than squid.

Okay well the data is not static, so I do not believe the length is
known until the transaction completes (A search for example, the site
can't provide any length information, until the search, dynamic stuff
is generated). You cite "if pre-known", what if it's not pre-known,
then what is one supposed to do in this scenario?

Thanks

Tory


Re: [squid-users] Can one run cache_log thru an ACL?

2007-12-10 Thread Amos Jeffries
> I have some important information that I would like to log. Like when
> the origin servers or other disappear or when squid times out trying to
> connect to a peer etc. etc.
>
> However I have a ton of information that my developers cite can't be
> removed (basically an http error) "Dec 10 16:34:33 cache01
> squid[11509]: httpReadReply: Excess data from" Based on some dynamically
> generated items.

Well, this is a critical error for the data connection.
A source server is pumping data into squid without proper HTTP header
information to say what it is.

The server is sending a Content-Length: header with the wrong length (too
short). Squid notices more data than was told about and terminates
connection to that source.

It's a design feature added to protect against several very nasty bits of
viral/trojan/worm infection out in the web and alert people to when it
happens.

If it's your script/server causing those, needs fixing to only send the
length header when length is pre-known.
Otherwise you are under attack and have much bigger problems than squid.

>
> So obviously I want to log critical system information (well okay,
> what's critical to me, is not the same for others), but I would love
> to put in a rule that says something like !Excess data, so that my
> logs are worth something.

debug_options ALL,0
for critical and ALL,1 for important.
  ,9 is excess data inclusive.

>
> Any ideas, is this even a legit request for new releases?

We are working on finding a better debug classification system. If you
want it to go faster throw some money into the issue. There are some
proposals floating around squid-dev but nothing decided well enough to
code yet.


>
> So in short, would love to be able to add an acl to my cache_log, so I
> can decide what is important and what is not.

While that might seem nice, consider that the initial lines were added by
a programmer who created the code to show 'em self what is happening when
things go wrong. Altering that trace locally prevents us being helpful
when you do encounter a serious problem.

Amos
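
One way to get a readable view of cache_log without changing what Squid itself writes, as an added example that is not part of the original thread or of Squid: a post-processing pass over a copy of the log that leaves other messages alone and folds the "Excess data" lines into one counted summary per source, so the warning is condensed rather than lost. The sample lines are constructed, and the text after "Excess data from" is an assumption, since the thread quotes the message only up to "from".

```python
import re

# Constructed sample of cache_log lines as delivered through syslog.
SAMPLE = '''\
Dec 10 16:34:31 cache01 squid[11509]: TCP connection to peer02/3128 failed
Dec 10 16:34:33 cache01 squid[11509]: httpReadReply: Excess data from "GET http://search.example/q?a"
Dec 10 16:34:40 cache01 squid[11509]: httpReadReply: Excess data from "GET http://search.example/q?a"
Dec 10 16:35:02 cache01 squid[11509]: httpReadReply: Excess data from "GET http://search.example/q?b"
Dec 10 16:35:10 cache01 squid[11509]: Detected DEAD Parent: peer02
'''

# timestamp, host, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) squid\[\d+\]: (.*)$")
MARK = "httpReadReply: Excess data from"

def condense(lines):
    """Return (kept, summary): other lines untouched, excess-data lines counted per source."""
    kept, seen = [], {}
    for line in lines:
        m = LINE.match(line)
        if not m or not m.group(3).startswith(MARK):
            kept.append(line)              # unrelated or unparsable: pass through
            continue
        stamp = m.group(1)
        source = m.group(3)[len(MARK):].strip() or "<unknown>"
        first, _, count = seen.get(source, (stamp, stamp, 0))
        seen[source] = (first, stamp, count + 1)
    summary = ["excess-data x%d %s (first %s, last %s)" % (n, src, a, b)
               for src, (a, b, n) in seen.items()]
    return kept, summary

if __name__ == "__main__":
    kept, summary = condense(SAMPLE.splitlines())
    print("\n".join(kept + summary))
```
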




[squid-users] Can one run cache_log thru an ACL?

2007-12-10 Thread Tory M Blue
I have some important information that I would like to log. Like when
the origin servers or other disappear or when squid times out trying to
connect to a peer etc. etc.

However I have a ton of information that my developers cite can't be
removed (basically an http error) "Dec 10 16:34:33 cache01
squid[11509]: httpReadReply: Excess data from" Based on some dynamically
generated items.

So obviously I want to log critical system information (well okay,
what's critical to me, is not the same for others), but I would love
to put in a rule that says something like !Excess data, so that my
logs are worth something.

Any ideas, is this even a legit request for new releases?

So in short, would love to be able to add an acl to my cache_log, so I
can decide what is important and what is not.

Thanks
Tory