On Tue, 20 Sep 2011 18:37:47 +0300, E.S. Rosenberg wrote:
Hi,
We are running squid 3.1 with NTLM authentication and I would like it
if access.log were not logging the HTTP/407 responses sent by squid
to
the browser on every single request.
Ideally the logging of the 407 would be something I turn on when I
want to know if a client is failing due to auth issues but generally
off.
Why would I like the 407s not logged? Since browsers seem to not
remember that in the last request they had to send an NTLM header so
this request they will also need it every single request made by the
browser seems to be go with at least one if not more HTTP/407
responses issued by the cache, each such response is about 4k in size
(if I read the log right) and at the end of the day when I run
analasys on the logs I have very skewed numbers since errors that
were
anyhow internal are counted the same way as external page access.
Also the 'excessive' amount of 407 traffic balloons the logfiles on
our more used proxy to the point that much more aggressive rotation
rules are needed.
Thanks,
Eli
Start with a check that persistent connections are enabled to both
clients and servers. The current generation of browsers are very good at
maintaining HTTP persistence when it is permitted. This by itself should
cut down the amount of 407's a lot.
If it is still a problem after that the http_status ACL type can
prevent caching by status result, or just to a particular file.
Amos
