[squid-users] supress some special error messages fromm access.log

Alex Rousskov rousskov at measurement-factory.com
Thu Aug 30 16:14:34 UTC 2018


On 08/30/2018 08:03 AM, Verwaiser wrote:

> since updating our proxy (now squid 4.03) I get very very many error
> messages like the following examples:
> 
> /192.168.12.120 - - [30/Aug/2018:12:11:51 +0200] "NONE
> error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE

AFAIK, the following email summarizes the current status of those
transaction-end-before-headers log entries:
http://lists.squid-cache.org/pipermail/squid-users/2017-June/015781.html


> How can I get rid of these messages? Is it possible to construct an ACL

Probably yes. Look at your access log entries and try (a combination of)
simple ACLs that are likely to match logged default/zero values: port,
localport, proto, method, http_status, hier_code, and has.

When designing your ACLs, be as restrictive as you can to minimize the
chance of false positives (that you will never see logged and so you
will not know that they exist). It may be a good idea to log all matches
into a separate log so that you can easily double check that they all
have error:transaction-end-before-headers.

Once you figure it out, please post the winning combination here.


> like
> /acl noTransactionError url_regex -i "error:transaction-end-before-headers"
> access_log none noTransactionError /
> 
> (doesnt work...)

If url_regex does not work in this context, it is a bug. The same bug
probably makes the workaround mentioned above possible. You can
facilitate fixing this bug instead of fiddling with ACLs, of course.


HTH,

Alex.


More information about the squid-users mailing list