On 7/28/20 10:09 AM, Marcus Kool wrote: > bugs.squid-cache.org is not working now, but I think this is bug 4906. I bet you are right! If it is bug 4906 "src ACL mismatches when access logging TCP probes" then IP-based ACLs will not work in the transaction-end-before-headers context. I hope the "Test 3" approach quoted below can be used as a temporary workaround in supported Squid versions. FWIW, Factory has a (large) project fixing bug 4906 and many similar bugs. It is going through painful internal review cycles, but I hope we will request an official review soon. Cheers, Alex. > On 2020-07-28 15:01, Alex Rousskov wrote: >> On 7/28/20 5:38 AM, amaury@xxxxxx wrote: >>> thank for your suggestion. >> That specific suggestion was not mine :-) >> >> For free Squid support, please keep the conversation on squid-users. >> >> >>> I have tried with: >>> acl noTransactionLvs src 10.xxx.xxx.xxx/32 >>> acl noTransactionLvs src 10.xxx.xxx.xxx/32 >>> >>> acl hasRequest has request >>> acl dontLog all-of !hasRequest noTransactionLvs >>> access_log none dontLog >>> and with >>> acl noTransactionLvs src 10.xxx.xxx.xxx/32 >>> acl noTransactionLvs src 10.xxx.xxx.xxx/32 >>> >>> access_log none noTransactionLvs >>> access_log /var/log/squid4/access.log combined !noTransactionLvs >>> but without result. >> >> What is your Squid version? >> >> >> None of the configs below is the right long-term solution, but just for >> testing purposes, please try these three tests: >> >> * Test 1 (should log nothing): >> >> access_log none all >> # and no other access_log lines >> >> >> * Test 2 (should also log nothing): >> >> acl hasRequest has request >> access_log none !hasRequest >> access_log /var/log/squid4/access.log combined >> # and no other access_log lines >> >> >> * Test 3 (should only log regular transactions): >> >> acl hasRequest has request >> access_log none !hasRequest >> access_log /var/log/squid4/access.log combined >> # and no other access_log lines >> >> For each of the tests, please report whether regular transactions are >> logged to /var/log/squid4/access.log _and_ whether the loadbalancer >> probes are logged to /var/log/squid4/access.log >> >> >> Thank you, >> >> Alex. >> >> >> >>> ----Messaggio originale---- >>> Da: rousskov@measurement- >>> factory.com >>> Data: 27-lug-2020 15.19 >>> A: "amaury@xxxxxx"<amaury@xxxxxx>, >>> <squid-users@xxxxxxxxxxxxxxxxxxxxx> >>> Ogg: Re: filter >>> NONE/000 NONE error:transaction-end-before-headers >>> >>> On 7/27/20 6:30 AM, >>> amaury@xxxxxx wrote: >>> >>>> I would like to filter the message NONE/000 >>> NONE error: >>>> transaction-end-before-headers - HIER_NONE/- - - HTTP/0.0 >>> "-" 0 0 that >>>> it arrives from loadbalancer keep alived. >>> >>>> I have >>> red that It was/is a bug. >>> >>> Those records are not a bug if your >>> loadbalancer does open connections >>> to Squid's http_port. >>> >>> >>>> Please >>> could you give me a >>>> practical example example that how it works the: >>>> # acl aclname note [-m[=delimiters]] name [value ...] ? >>> The "note" >>> ACL tests prior annotations. It is unlikely to help in your >>> use case >>> because nothing will be able to annotate these half-baked >>> short-lived >>> transactions until they are logged. >>> >>> Please see whether Amos' recent >>> suggestion works for you: >>> >>> http://lists.squid-cache.org/pipermail/squid-users/2020-July/022461.html >>> >>> >>> HTH, >>> >>> Alex. >>> >>> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
