[squid-users] Odd log entries
rousskov at measurement-factory.com
Wed Sep 30 13:42:21 UTC 2020
On 9/30/20 5:29 AM, Ralf Hildebrandt wrote:
> I got quite a lot of those, dunno if they are from 5.0.2 oder 6.HEAD,
> though (mixed log):
> 1601367473.708 0 172.29.138.187 TCP_DENIED/403 3900 CONNECT:35415 - HIER_NONE/- text/html accessRule=notsslports -
> 1601368555.365 2 172.29.130.245 TCP_DENIED/403 3839 CONNECT:31481 - HIER_NONE/- text/html accessRule=notsslports -
> 1601383160.341 435 10.47.52.135 TCP_DENIED/403 4057 CONNECT:5001 - HIER_NONE/- text/html accessRule=notsslports -
> CONNECT, yes, but why is the host missing?
I am even more concerned about the lack of a space character after
"CONNECT". What is your custom logformat definition?
If the problem applies to all denied transactions, then you can probably
tell whether this is v5 or master/v6 problem by sending a manual
to-be-denied request to one or both of the Squid instances in question
and looking for your client address/timestamp in the access log.
Long-term, if you are going to continue mixing access records from
different Squid instances, then I would recommend adding a instance (and
worker) IDs to each access log record.
FWIW, I cannot reproduce this problem using a maser/v6-based branch with
default logformat and CONNECT requests to banned ports, but perhaps the
problem is specific to some CONNECT transactions or some listening port
More information about the squid-users