[squid-users] filter NONE/000 NONE error:transaction-end-before-headers

Alex Rousskov rousskov at measurement-factory.com
Tue Jul 28 15:01:24 UTC 2020


On 7/28/20 10:09 AM, Marcus Kool wrote:
> bugs.squid-cache.org is not working now, but I think this is bug 4906.

I bet you are right! If it is bug 4906 "src ACL mismatches when access
logging TCP probes" then IP-based ACLs will not work in the
transaction-end-before-headers context. I hope the "Test 3" approach
quoted below can be used as a temporary workaround in supported Squid
versions.

FWIW, Factory has a (large) project fixing bug 4906 and many similar
bugs. It is going through painful internal review cycles, but I hope we
will request an official review soon.


Cheers,

Alex.


> On 2020-07-28 15:01, Alex Rousskov wrote:
>> On 7/28/20 5:38 AM, amaury at tin.it wrote:
>>> thank for your suggestion.
>> That specific suggestion was not mine :-)
>>
>> For free Squid support, please keep the conversation on squid-users.
>>
>>
>>> I have tried with:
>>> acl noTransactionLvs src 10.xxx.xxx.xxx/32
>>> acl noTransactionLvs src 10.xxx.xxx.xxx/32
>>>
>>> acl hasRequest has request
>>> acl dontLog all-of !hasRequest noTransactionLvs
>>> access_log none dontLog
>>> and with
>>> acl noTransactionLvs src 10.xxx.xxx.xxx/32
>>> acl noTransactionLvs src 10.xxx.xxx.xxx/32
>>>
>>> access_log none noTransactionLvs
>>> access_log /var/log/squid4/access.log combined !noTransactionLvs
>>> but without result.
>>
>> What is your Squid version?
>>
>>
>> None of the configs below is the right long-term solution, but just for
>> testing purposes, please try these three tests:
>>
>> * Test 1 (should log nothing):
>>
>>    access_log none all
>>    # and no other access_log lines
>>
>>
>> * Test 2 (should also log nothing):
>>
>>    acl hasRequest has request
>>    access_log none !hasRequest
>>    access_log /var/log/squid4/access.log combined
>>    # and no other access_log lines
>>
>>
>> * Test 3 (should only log regular transactions):
>>
>>    acl hasRequest has request
>>    access_log none !hasRequest
>>    access_log /var/log/squid4/access.log combined
>>    # and no other access_log lines
>>
>> For each of the tests, please report whether regular transactions are
>> logged to /var/log/squid4/access.log _and_ whether the loadbalancer
>> probes are logged to /var/log/squid4/access.log
>>
>>
>> Thank you,
>>
>> Alex.
>>
>>
>>
>>> ----Messaggio originale----
>>> Da: rousskov at measurement-
>>> factory.com
>>> Data: 27-lug-2020 15.19
>>> A: "amaury at tin.it"<amaury at tin.it>,
>>> <squid-users at lists.squid-cache.org>
>>> Ogg: Re: [squid-users] filter
>>> NONE/000 NONE error:transaction-end-before-headers
>>>
>>> On 7/27/20 6:30 AM,
>>> amaury at tin.it wrote:
>>>
>>>> I would like to filter the message NONE/000
>>> NONE error:
>>>> transaction-end-before-headers - HIER_NONE/- - - HTTP/0.0
>>> "-" 0 0 that
>>>> it arrives from loadbalancer keep alived.
>>>
>>>> I have
>>> red that It was/is a bug.
>>>
>>> Those records are not a bug if your
>>> loadbalancer does open connections
>>> to Squid's http_port.
>>>
>>>
>>>> Please
>>> could you give me a
>>>> practical example example that how it works the:
>>>> # acl aclname note [-m[=delimiters]] name [value ...] ?
>>> The "note"
>>> ACL tests prior annotations. It is unlikely to help in your
>>> use case
>>> because nothing will be able to annotate these half-baked
>>> short-lived
>>> transactions until they are logged.
>>>
>>> Please see whether Amos' recent
>>> suggestion works for you:
>>>
>>> http://lists.squid-cache.org/pipermail/squid-users/2020-July/022461.html
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list