On 14/06/2013 9:27 p.m., Peter Olsson wrote:
We get a lot of these in our squid log: x.x.x.x - - [14/Jun/2013:11:20:01 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE We tracked it to Spotify clients. We don't want to block Spotify but we want to avoid filling the log with these pointless lines.
Pointless? it alerted you to a bunch of non-HTTP traffic being thrown at the proxy did it not? Each and every one of these will be a TCP socket wasted until closure timeout completes. If there were many of these at once you would be calling it a DoS.
Since you ave tracked it down already could you explain exactly what is going on there? Are the spotify clients attempting to send non-HTTP traffic over port 80? or is that the result of excess data on the connection being dumped?
We run a non-transparent Squid 3.1.20 in FreeBSD. I will upgrade to Squid 3.2 this weekend, but I suspect that these lines will still be logged in 3.2. I tried this log_access, but it didn't work: acl spotify_invalid urlpath_regex invalid-request log_access deny spotify_invalid log_access allow all Anyone know how we can exclude these lines from the log?
"acl ... method NONE" should match them. Amos
