On 14/06/2013 9:27 p.m., Peter Olsson wrote:
> We get a lot of these in our squid log:
>
> x.x.x.x - - [14/Jun/2013:11:20:01 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE
>
> We tracked it to Spotify clients. We don't want to
> block Spotify but we want to avoid filling the log
> with these pointless lines.
Pointless? it alerted you to a bunch of non-HTTP traffic being thrown at
the proxy did it not?
Each and every one of these will be a TCP socket wasted until closure
timeout completes. If there were many of these at once you would be
calling it a DoS.
Since you ave tracked it down already could you explain exactly what is
going on there? Are the spotify clients attempting to send non-HTTP
traffic over port 80? or is that the result of excess data on the
connection being dumped?
> We run a non-transparent Squid 3.1.20 in FreeBSD.
> I will upgrade to Squid 3.2 this weekend, but I
> suspect that these lines will still be logged in 3.2.
>
> I tried this log_access, but it didn't work:
> acl spotify_invalid urlpath_regex invalid-request
> log_access deny spotify_invalid
> log_access allow all
>
> Anyone know how we can exclude these lines from the log?
"acl ... method NONE" should match them.
Amos
Received on Fri Jun 14 2013 - 09:43:49 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 14 2013 - 12:00:29 MDT