[squid-users] ACL is used in context without an HTTP response. Assuming mismatch
David Touzeau
david at articatech.com
Fri May 13 07:06:46 UTC 2016
Thanks Alex
Any ACLs tips to avoid these warning ? or just assume it's normal in this situation... ?
-----Message d'origine-----
De : Alex Rousskov [mailto:rousskov at measurement-factory.com]
Envoyé : vendredi 13 mai 2016 00:40
À : squid-users at lists.squid-cache.org
Cc : David Touzeau <david at articatech.com>
Objet : Re: [squid-users] ACL is used in context without an HTTP response. Assuming mismatch
On 05/12/2016 04:04 PM, David Touzeau wrote:
>
> acl CODE_TCP_DENIED http_status 407
> access_log none CODE_TCP_DENIED
>
>
>
> But squid claim :
>
> 2016/05/12 23:44:07 kid1| WARNING: CODE_TCP_DENIED ACL is used in
> context without an HTTP response. Assuming mismatch.
>
>
> Why this rule is wrong ?
Squid attempts to log every access(*). Sometimes, Squid is accessed, but there is no response to log(**). Your rule assumes that there is always a response. Squid warns that your assumption is wrong for the specific access it is logging.
If there is no ACL that can be used to test the presence of a response (and a request) in a master transaction [without triggering such warnings], then we should add it.
Also, some Squids have bugs where there _is_ a response but Squid logging code does not know about it. If you are running a relatively recent Squid v4 release, you might be hitting one of those bugs (although I would expect more/different error messages in that case).
Endnotes:
(*) Squid fails to log certain accesses. We are fixing one of those bugs right now.
(**) Imagine, for example, a client that starts sending an HTTP request but closes the connection to Squid before finishing. Depending on what state Squid was in when the connection got closed, there may be no response created for that unfinished request.
HTH,
Alex.
More information about the squid-users
mailing list