On 14/06/2013 9:27 p.m., Peter Olsson wrote:
> We get a lot of these in our squid log:
> x.x.x.x - - [14/Jun/2013:11:20:01 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE
> We tracked it to Spotify clients. We don't want to
> block Spotify but we want to avoid filling the log
> with these pointless lines.

Pointless? It alerted you to a bunch of non-HTTP traffic being thrown at
the proxy, did it not?
Each and every one of these will be a TCP socket wasted until closure
timeout completes. If there were many of these at once you would be
calling it a DoS.
Since you have tracked it down already, could you explain exactly what is
going on there? Are the Spotify clients attempting to send non-HTTP
traffic over port 80? Or is that the result of excess data on the
connection being dumped?

> We run a non-transparent Squid 3.1.20 in FreeBSD.
> I will upgrade to Squid 3.2 this weekend, but I
> suspect that these lines will still be logged in 3.2.
> I tried this log_access, but it didn't work:
> acl spotify_invalid urlpath_regex invalid-request
> log_access deny spotify_invalid
> log_access allow all
> Anyone know how we can exclude these lines from the log?

"acl ... method NONE" should match them.
Amos
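
The reply's point that each of these entries is a wasted socket can be measured from the log before anything is suppressed. The following is an added example, not part of the original thread or of Squid: it counts `NONE error:invalid-request` entries per client per minute in the log format quoted above; the function name, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the access-log layout of the line quoted in the thread:
# client ident user [time] "method url HTTP/ver" status bytes result:hierarchy
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<ver>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<result>\S+)$'
)

def invalid_request_bursts(lines, threshold=3):
    """Return {(client, minute): count} for clients that sent at least
    `threshold` unparseable requests (method NONE) within one minute."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "NONE":
            continue  # skip well-formed requests and unparseable lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        counts[(m["client"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Jun/2013:11:20:01 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE
192.0.2.10 - - [14/Jun/2013:11:20:07 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE
192.0.2.10 - - [14/Jun/2013:11:20:31 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE
192.0.2.22 - - [14/Jun/2013:11:20:40 +0200] "GET http://example.com/ HTTP/1.1" 200 1532 TCP_MISS:DIRECT
192.0.2.22 - - [14/Jun/2013:11:21:02 +0200] "NONE error:invalid-request HTTP/0.0" 400 4026 NONE:NONE
""".splitlines()

if __name__ == "__main__":
    bursts = invalid_request_bursts(SAMPLE_LOG)
    for (client, minute), n in sorted(bursts.items()):
        print(f"{minute} {client}: {n} invalid requests")
```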