[squid-users] access_log acls
Marcus Kool
marcus.kool at urlfilterdb.com
Tue Nov 27 12:21:20 UTC 2018
I have an issue with access_log acls when a load balancer sends a TCP probe.
The goal is to not log errors caused by the TCP probes of the load balancer. All other errors must be logged.
I did a test with the following acls on one of our test systems to illustrate the issue:
logformat combha %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh %>ha
acl src_lb src 10.2.2.254/32
acl src_lb src 10.2.2.107/32
access_log stdio:/local/squid4/logs/*lb*access.log combha src_lb
access_log stdio:/local/squid4/logs/access.log combha !src_lb
The logging is almost as expected: all HTTP(S) traffic from 10.2.2.107 goes to lbaccess.log and all other traffic to access.log,
*but* imitating the TCP probe of the LB with a telnet session from 10.2.2.107 to the squid server which is immediately terminated or sends garbage, is logged with transaction-end-before-headers to
access.log, not lbaccess.log.
It seems that Squid, at the moment that it logs the transaction-end-before-headers error, does not consider the access_log acls or maybe has not yet processed the source IP to make the right decision.
Should the above acls send the errors to lbaccess.log ? If not, what set of acls can do it?
Thanks,
Marcus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181127/045d57e8/attachment.html>
More information about the squid-users
mailing list