[squid-users] ACL is used in context without an HTTP response. Assuming mismatch

Alex Rousskov rousskov at measurement-factory.com
Thu May 12 22:39:41 UTC 2016

On 05/12/2016 04:04 PM, David Touzeau wrote:
> acl CODE_TCP_DENIED http_status 407
> access_log none CODE_TCP_DENIED
> But squid claim :  
> 2016/05/12 23:44:07 kid1| WARNING: CODE_TCP_DENIED ACL is used in
> context without an HTTP response. Assuming mismatch.
> Why this rule is wrong ?

Squid attempts to log every access(*). Sometimes, Squid is accessed, but
there is no response to log(**). Your rule assumes that there is always
a response. Squid warns that your assumption is wrong for the specific
access it is logging.

If there is no ACL that can be used to test the presence of a response
(and a request) in a master transaction [without triggering such
warnings], then we should add it.

Also, some Squids have bugs where there _is_ a response but Squid
logging code does not know about it. If you are running a relatively
recent Squid v4 release, you might be hitting one of those bugs
(although I would expect more/different error messages in that case).


(*) Squid fails to log certain accesses. We are fixing one of those bugs
right now.

(**) Imagine, for example, a client that starts sending an HTTP request
but closes the connection to Squid before finishing. Depending on what
state Squid was in when the connection got closed, there may be no
response created for that unfinished request.



More information about the squid-users mailing list