[squid-users] Odd log entries

Alex Rousskov rousskov at measurement-factory.com
Wed Sep 30 13:42:21 UTC 2020

On 9/30/20 5:29 AM, Ralf Hildebrandt wrote:
> I got quite a lot of those, dunno if they are from 5.0.2 oder 6.HEAD,
> though (mixed log):

> 1601367473.708      0 TCP_DENIED/403 3900 CONNECT:35415 - HIER_NONE/- text/html accessRule=notsslports -
> 1601368555.365      2 TCP_DENIED/403 3839 CONNECT:31481 - HIER_NONE/- text/html accessRule=notsslports -
> 1601383160.341    435 TCP_DENIED/403 4057 CONNECT:5001 - HIER_NONE/- text/html accessRule=notsslports -

> CONNECT, yes, but why is the host missing?

I am even more concerned about the lack of a space character after
"CONNECT". What is your custom logformat definition?

If the problem applies to all denied transactions, then you can probably
tell whether this is v5 or master/v6 problem by sending a manual
to-be-denied request to one or both of the Squid instances in question
and looking for your client address/timestamp in the access log.
Long-term, if you are going to continue mixing access records from
different Squid instances, then I would recommend adding a instance (and
worker) IDs to each access log record.

FWIW, I cannot reproduce this problem using a maser/v6-based branch with
default logformat and CONNECT requests to banned ports, but perhaps the
problem is specific to some CONNECT transactions or some listening port



More information about the squid-users mailing list