[squid-dev] [PATCH] Some failed transactions are not logged

Eduard Bagdasaryan eduard.bagdasaryan at measurement-factory.com
Fri Jul 15 14:40:03 UTC 2016


Hello,

There are situations when Squid logs nothing to access.log after an
[abnormal] transaction termination. Such "stealthy" transactions may be
a security risk and an accounting problem.

ClientHttpRequest is responsible for logging most transactions but that
object is created only after the HTTP request headers are successfully
parsed. Request header parsing errors may be detected and logged
appropriately, but the job handling the incoming transaction may
terminate for reasons outside the parsing code's control (e.g., a job-
killing exception thrown when there are no request headers to start
parsing yet or when the job waits for more request headers to finish
parsing).

This change adds access logging for two cases:

1. accept(2) system call errors (before ConnStateData job is created);

2. unexpected ConnStateData job termination, when there is no
    ClientHttpRequest to log the failure.

TODO: Squid still logs nothing when the connection closes before reading
request header data. We should probably make that behavior configurable
because such connections drain Squid resources (and, hence, should be
logged) but some browsers are known to routinely create them (and,
hence, logging them by default may create too much noise).

Regards,
Eduard.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-170-some-failed-transactions-not-logged-t6.patch
Type: text/x-patch
Size: 24104 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160715/1512cf99/attachment-0001.bin>
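
The logging gap and the two added cases described in the message above, as a small C++ model added here for illustration. It is not code from the attached patch or from Squid; `Request`, `Connection`, `onAcceptFailure` and `serve` are hypothetical stand-ins for ClientHttpRequest, the ConnStateData job and the listener, and the log line format is constructed.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical model, not Squid code: all names and log formats are illustrative.
static std::vector<std::string> accessLog;

struct Request {                 // stands in for ClientHttpRequest
    std::string url;
    ~Request() { accessLog.push_back("request " + url); }  // per-request logging
};

struct Connection {              // stands in for the ConnStateData job
    std::string peer;
    bool loggedAny = false;
    explicit Connection(std::string p) : peer(std::move(p)) {}

    // Throws to model a job-killing exception raised before headers are parsed.
    void receive(const std::string &bytes) {
        if (bytes.empty())
            throw std::runtime_error("job killed while waiting for headers");
        { Request r{bytes}; }    // headers parsed: the request object logs itself
        loggedAny = true;
    }

    // Case 2: the job ends and no request object ever existed to log the failure.
    void terminate(const std::string &reason) {
        if (!loggedAny)
            accessLog.push_back("conn " + peer + " error=" + reason);
    }
};

// Case 1: accept(2) failed, so no Connection exists; the listener logs instead.
void onAcceptFailure(int err) {
    accessLog.push_back("accept error=" + std::to_string(err));
}

// Runs one transaction and returns how many log lines it produced.
std::size_t serve(const std::string &peer, const std::string &bytes) {
    const std::size_t before = accessLog.size();
    Connection c(peer);
    try { c.receive(bytes); c.terminate("none"); }
    catch (const std::exception &e) { c.terminate(e.what()); }
    return accessLog.size() - before;
}
```

Without the `terminate()` fallback, the exception path in `serve` would return 0 log lines, which is the "stealthy" transaction the message describes.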

