[squid-users] Warning: ACL is used in context without an HTTP response

Alex Rousskov rousskov at measurement-factory.com
Wed Sep 25 13:29:17 UTC 2019

On 9/25/19 7:12 AM, Alessandro Andrei wrote:
> My access_log file il flooded with messages that I do not want to see
> Specifically 
> 1) CONNECT vortex-win.data.microsoft.com
> 2) TCP_DENIED/407
> So I created two ACLs to exclude them from logging and applied it to my access log
> acl AuthRequest http_status 407
> acl excludefromlog dstdomain .vortex-win.data.microsoft.com
> access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest !excludefromlog

FYI: If you have two unwanted record kinds (one CONNECT and one
TCP_DENIED/407), then you should use a different rule to block _each_
record kind. The current rule only blocks logging of records that match
_both_ conditions. Look for any-of ACL.

> It works but now my cache.log is flooded with
> WARNING: AuthRequest ACL is used in context without an HTTP response. Assuming mismatch.

> I read in the mailing list archives this is the correct behaviour,

In the context of access_log, it is most likely a Squid bug. We have
recently fixed one similar bug but there may be more:

BTW, AuthRequest name is misleading. I know what you meant, but the
http_status ACL checks the response, not the request.

> but isn't there a way to avoid all this?

You can try patching your Squid or testing the fixed version. The former
may be difficult if you are not running master-based code (future v5).

You may also be able to avoid the WARNING if you adjust the rule to
check the "has response" condition before checking AuthRequest. Look for
the "has" ACL. However, you would have to decide whether to log all
records that lack responses. If any of those responses are absent due to
Squid bugs, your decision, whatever it is, may be incorrect in some cases.


More information about the squid-users mailing list