Re: [squid-users] Reverse Proxy Funny Logging Issue

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 23 Jan 2013 18:30:09 +1300

On 23/01/2013 5:34 a.m., dweimer wrote:
> I just upgraded my reverse proxy server last night from 3.1.20 to
> 3.2.6, all is working well except one of my log rules, and I can't
> figure out why.

Please run "squid -k parse" and resolve the WARNING or ERROR which are
listed.

There are two possible reasons...

>
> I have a several sites behind the server, with dstdomain access rules
> setup.
>
> acl website1 dstdomain www.website1.com
> acl website2 dstdomain www.website2.com
> acl website2 dstdomain www.website3.com

Possible reason #1 (assuming thi is an accurate copy-n-paste from yoru
config file)..... you have no website3 ACL definition?

> ...
>
> Followed by the access rules
>
> http_access allow website1
> http_access allow website2
> http_access allow website3
> ...
> http_access deny all
>
> Some are using rewrites
> url_rewrite_program /usr/local/etc/squid/url_rewrite.py
> url_rewrite_children 20
> url_rewrite_access allow website1
> url_rewrite_access allow website3
> ...
> url_rewrite_access deny all
>
> Then my access logs
>
> # First I grab everything in one
> access_log daemon:/var/log/squid/access.log squid all
>
> # Then individual logs for each webiste, to be parsed with webalizer
> logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

Possible problem #2. "combined" is now a built-in format name beginning
with 3.2 series.
  * If you want the Apache format, please remove this line and use the
built-in formater.
  * If you want your own alterations to the format, please use another name.

> access_log daemon:/var/log/squid/website1.log combined website1
> access_log daemon:/var/log/squid/website2.log combined website2
> access_log daemon:/var/log/squid/website3.log combined website3
> ...
>
> everything works, write down to one of the access logs, the data shows
> up in the access.log file, the data shows up in the individual logs
> for all the others, except that one. If we use website3 from the
> above example like my actual file the access rule works on the
> url_rewrite_access allow line, but for some reason is failing on the
> log line. squid -k parse doesn't show any errors, and shows a
> Processing: access_log daemon:/var/log/squid/website3.log combined
> website3 line in the output.
>
> The log in question was originally at the end of my access_log list
> section, so I changed the order around to see if for some reason it
> was only the last one not working, no change still only that one not
> working, And the new last one in the list still works as expected.
>
> I know the ACL is working as it works correctly on the rewrite rule
> and the http access just above the log rules, anyone have any ideas on
> how I can figure out why the log entry isn't working?

Is the domain name in question being rewritten by the helper? That would
cause it to be acepted in http_access then url_rewrite_access, then
different for logging.

Amos
Received on Wed Jan 23 2013 - 05:30:21 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 23 2013 - 12:00:05 MST