On 9/25/19 7:12 AM, Alessandro Andrei wrote: > My access_log file il flooded with messages that I do not want to see > > Specifically > 1) CONNECT vortex-win.data.microsoft.com > 2) TCP_DENIED/407 > > So I created two ACLs to exclude them from logging and applied it to my access log > > acl AuthRequest http_status 407 > acl excludefromlog dstdomain .vortex-win.data.microsoft.com > access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest !excludefromlog FYI: If you have two unwanted record kinds (one CONNECT and one TCP_DENIED/407), then you should use a different rule to block _each_ record kind. The current rule only blocks logging of records that match _both_ conditions. Look for any-of ACL. > It works but now my cache.log is flooded with > WARNING: AuthRequest ACL is used in context without an HTTP response. Assuming mismatch. > I read in the mailing list archives this is the correct behaviour, In the context of access_log, it is most likely a Squid bug. We have recently fixed one similar bug but there may be more: https://github.com/squid-cache/squid/pull/476 BTW, AuthRequest name is misleading. I know what you meant, but the http_status ACL checks the response, not the request. > but isn't there a way to avoid all this? You can try patching your Squid or testing the fixed version. The former may be difficult if you are not running master-based code (future v5). You may also be able to avoid the WARNING if you adjust the rule to check the "has response" condition before checking AuthRequest. Look for the "has" ACL. However, you would have to decide whether to log all records that lack responses. If any of those responses are absent due to Squid bugs, your decision, whatever it is, may be incorrect in some cases. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
