Hello, Eliezer,
I reproduced the issue in the test environment.
I configured my squid with the debug_options: ALL,1 28,9
and ran the test curl from the same proxy host:
curl -m 4 -k --tlsv1.2 --proxy-user 'user:pass' -s -o /dev/null -w "%{http_code}" --proxy localhost:3131 https://archive.org
The client got the 200-response and it works fine.
In the access.log the corresponding records are:
2023-06-22 10:59:58| 747 127.0.0.1 NONE_NONE/200/- 0 CONNECT archive.org:443 - HIER_DIRECT/archive.org - - - -
2023-06-22 10:59:58| 201 127.0.0.1 TCP_MISS/200/200 3833 GET https://archive.org/ - HIER_DIRECT/archive.org text/html - - -
2023-06-22 10:59:58| 201 127.0.0.1 TCP_MISS/200/200 3833 GET https://archive.org/ - HIER_DIRECT/archive.org text/html - - -
The cache.log is available at the link: https://drive.google.com/file/d/12xQch5nHAzijAh4PxZV4mZzjviYX7l7B/view?usp=sharing
There are three warnings there:
grep WARN /tmp/acl.log
2023/06/22 10:59:57.875 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.
2023/06/22 10:59:57.884 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.
2023/06/22 10:59:58.536 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.
2023/06/22 10:59:58.536 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.
The domdst_SIProxy ACL is used only to change the outgoing address for specific domains:
acl domdst_SIProxy dstdomain "/data/squid.user/etc/squid/categories/domdst_SIProxy"
tcp_outgoing_address 10.72.235.184 domdst_SIProxy
The test URL https://archive.org is not in the domdst_SIProxy list.
Squid is configured with an SSL-Bump feature, if it matters.
I think we could ignore these warnings as squid works perfectly, but maybe there is a workaround to suppress logs flooding?
Kind regards,
Ankor.
пн, 12 июн. 2023 г. в 10:54, <ngtech1ltd@xxxxxxxxx>:
Hey Ankor,
There is some missing context so I would be able to reproduce this issue.
Is this some kind of CONNECT request?
If you can describe in more technical details the setup and what client are you using,
Maybe couple sanitized log lines it would help to understand better the scenario.
Eliezer
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Andrey K
Sent: Friday, June 9, 2023 10:03
To: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>; Amos Jeffries <squid3@xxxxxxxxxxxxx>
Subject: Using tcp_outgoing_address with ACL
Hello,
We use the tcp_outgoing_address feature to access some hosts using a dedicated source IP address.
acl domdst_SIProxy dstdomain "/data/squid.user/etc/squid/categories/domdst_SIProxy"
tcp_outgoing_address 10.72.235.129 domdst_SIProxy
It works fine, but logs are flooded with warnings like this:
2023/06/09 08:30:07 kid2| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.
I found a similar case: http://lists.squid-cache.org/pipermail/squid-users/2015-January/001629.html where Amos suggested using a patch as a solution.
We have Squid Version 5.5. Is there a similar patch for our version, or can we just ignore these messages?
Kind regards,
Ankor.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users