[squid-users] Warning: ACL is used in context without an HTTP response

[Alessandro Andrei]

On 25/09/2019 15:29, Alex Rousskov wrote:
> On 9/25/19 7:12 AM, Alessandro Andrei wrote:
>> My access_log file il flooded with messages that I do not want to see
>>
>> Specifically
>> 1) CONNECT vortex-win.data.microsoft.com
>> 2) TCP_DENIED/407
>>
>> So I created two ACLs to exclude them from logging and applied it to my access log
>>
>> acl AuthRequest http_status 407
>> acl excludefromlog dstdomain .vortex-win.data.microsoft.com
>> access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest !excludefromlog
> 
> FYI: If you have two unwanted record kinds (one CONNECT and one
> TCP_DENIED/407), then you should use a different rule to block _each_
> record kind. The current rule only blocks logging of records that match
> _both_ conditions. Look for any-of ACL.


Of course, silly me!
Changed to

acl AuthResponse407 http_status 407
acl excludefromlog dstdomain .vortex-win.data.microsoft.com
acl DoNotLog any-of AuthResponse407 excludefromlog
access_log stdio:/var/log/squid/access.log logformat=squid !DoNotLog




>> but isn't there a way to avoid all this?
> 
> You can try patching your Squid or testing the fixed version. The former
> may be difficult if you are not running master-based code (future v5).


I'm running version 3.5.20, the one that is installed by default with 
Centos 7 repos

I guess I should download and compile version 4.8...


> You may also be able to avoid the WARNING if you adjust the rule to
> check the "has response" condition before checking AuthRequest. Look for
> the "has" ACL. However, you would have to decide whether to log all
> records that lack responses. If any of those responses are absent due to
> Squid bugs, your decision, whatever it is, may be incorrect in some cases.

OK, if I get it correctly the "has" ACL requires version 4, so I DO have 
to upgrade
Anyway it's not clear to me how this check should be done in my 
configuration


Thanks!