On 9/30/20 5:29 AM, Ralf Hildebrandt wrote:
> I got quite a lot of those, dunno if they are from 5.0.2 or 6.HEAD,
> though (mixed log):
>
> 1601367473.708 0 172.29.138.187 TCP_DENIED/403 3900 CONNECT:35415 - HIER_NONE/- text/html accessRule=notsslports -
> 1601368555.365 2 172.29.130.245 TCP_DENIED/403 3839 CONNECT:31481 - HIER_NONE/- text/html accessRule=notsslports -
> 1601383160.341 435 10.47.52.135 TCP_DENIED/403 4057 CONNECT:5001 - HIER_NONE/- text/html accessRule=notsslports -
>
> CONNECT, yes, but why is the host missing?

I am even more concerned about the lack of a space character after
"CONNECT". What is your custom logformat definition?

If the problem applies to all denied transactions, then you can probably
tell whether this is a v5 or master/v6 problem by sending a manual
to-be-denied request to one or both of the Squid instances in question
and looking for your client address/timestamp in the access log.

Long-term, if you are going to continue mixing access records from
different Squid instances, then I would recommend adding instance (and
worker) IDs to each access log record.

FWIW, I cannot reproduce this problem using a master/v6-based branch with
default logformat and CONNECT requests to banned ports, but perhaps the
problem is specific to some CONNECT transactions or some listening port
configurations.

Cheers,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
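
An added example, not part of the original thread and not Squid project code: a small triage script that scans a mixed access log for the two symptoms discussed above (no space after "CONNECT", host missing from the target) and reports the client address and timestamp of each affected record. It assumes the client address immediately precedes the result/status field and that the size and method fields follow it, as in the quoted lines; the function names and the fourth sample record are constructed for illustration.

```python
import re

STATUS_RE = re.compile(r"^[A-Z_]+/\d{3}$")   # Squid result/status, e.g. TCP_DENIED/403
FUSED_RE = re.compile(r"^CONNECT(\S+)$")     # method glued to its target, no space

# Three records quoted in the thread, plus one constructed well-formed record.
SAMPLE_LOG = """\
1601367473.708 0 172.29.138.187 TCP_DENIED/403 3900 CONNECT:35415 - HIER_NONE/- text/html accessRule=notsslports -
1601368555.365 2 172.29.130.245 TCP_DENIED/403 3839 CONNECT:31481 - HIER_NONE/- text/html accessRule=notsslports -
1601383160.341 435 10.47.52.135 TCP_DENIED/403 4057 CONNECT:5001 - HIER_NONE/- text/html accessRule=notsslports -
1601383161.000 1 192.0.2.10 TCP_DENIED/403 3900 CONNECT example.test:8443 - HIER_NONE/- text/html accessRule=notsslports -
"""

def check_record(line):
    """Return a dict describing a malformed CONNECT record, or None if it looks sane."""
    fields = line.split()
    # Assumption: client precedes the result/status field; size and method follow it.
    idx = next((i for i, f in enumerate(fields) if STATUS_RE.match(f)), None)
    if idx is None or idx < 1 or idx + 2 >= len(fields):
        return None
    fused = FUSED_RE.match(fields[idx + 2])
    if not fused:
        return None                      # "CONNECT" stands alone: method field is fine
    target = fused.group(1)
    issues = ["no space between method and target"]
    host, sep, port = target.rpartition(":")
    if not sep:                          # no colon at all: treat everything as host
        host, port = target, ""
    if not host:
        issues.append("host missing from target")
    return {"timestamp": fields[0], "client": fields[idx - 1],
            "result": fields[idx], "port": port, "issues": issues}

def triage(log_text):
    """Collect malformed records so they can be matched to a client and timestamp."""
    return [rec for rec in map(check_record, log_text.splitlines()) if rec]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["timestamp"], rec["client"], rec["result"],
              "port=" + rec["port"], "; ".join(rec["issues"]))
```
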