Ivanovo Linux Users Group
Topic: Squid 3.1.12 ACL is used but there is no HTTP reply -- not matching.
Posted by hawk, 06.07.11 04:48, edited 06.07.11 04:51
This is what I see when I look through the log /var/log/squid/cache.log. It is completely flooded, and new entries keep being added all the time:

2011/07/06 08:43:49| ACL::checklistMatches WARNING: 'deny_mime' ACL is used but there is no HTTP reply -- not matching.
2011/07/06 08:43:51| ACL::checklistMatches WARNING: 'deny_mime' ACL is used but there is no HTTP reply -- not matching.
2011/07/06 08:44:15| ACL::checklistMatches WARNING: 'deny_mime' ACL is used but there is no HTTP reply -- not matching.
2011/07/06 08:44:15| ACL::checklistMatches WARNING: 'deny_mime' ACL is used but there is no HTTP reply -- not matching.
2011/07/06 08:44:15| ACL::checklistMatches WARNING: 'deny_mime' ACL is used but there is no HTTP reply -- not matching.
Only the following rules are left in deny_mime, the bare minimum:
acl deny_mime rep_mime_type -i ^audio/
acl deny_mime rep_mime_type -i ^video/
Then I block, with exceptions:
http_access deny deny_mime !ip1022 !ip1025 !ip1027 !ip1050 !ip555
As soon as I comment out the lines with the deny_mime rules, the mess in the log stops.
   
echo "good..." | perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
Posted by hawk, 06.07.11 06:39, edited 06.07.11 07:01
I googled it; it seems to be something related to the cache, so I set
cache deny deny_mime
It didn't help.
I also found this description:
Means you are checking an ACL which uses output data to determine what inputs are going to happen to cause output to be generated...
But what to do about it, no idea.
echo "good..." | perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
Posted by Bercut, 06.07.11 18:45
well, maybe there really is no reply from the target server
check it
The Russian language is like the art of kung fu, and a great master never uses it without need...
Posted by LOE (Site/forum admin), 06.07.11 21:06
What gets written to access_log for these requests?
"No! Try not! Do. Or do not. There is no try." -- Yoda
Posted by hawk, 07.07.11 04:10, edited 07.07.11 04:24
As soon as an entry appears in access_log, for example
1310012119.420     29 192.168.10.146 TCP_MISS/200 1056 GET http://export.yandex.ru/bar/reginfo.xml? - DIRECT/213.180.204.27 text/xml
this immediately follows in cache.log
ACL::checklistMatches WARNING: 'deny_mime' ACL is used but there is no HTTP reply -- not matching.
And the entries that show up in access_log have nothing to do with streaming video or audio at all. That is, for image/png, for text/xml, for anything, such a line appears right away; as soon as I comment out rep_mime_type, that's it, silence.
And in general, does anyone block by rep_mime_type? On squid 3.x versions, is this not observed?

P.S. Apart from the spam in cache.log (every second, at that), I see no problems with squid, i.e. it blocks streaming video like YouTube and otherwise does not crash, everything is fine. I only paid attention to the logs because of the previous problem: pptpd squid, otherwise I would not have looked :-), but I think one does not interfere with the other, i.e. these are different problems, yet both somehow unsolvable :-(.
echo "good..." | perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
Posted by LOE (Site/forum admin), 07.07.11 05:52
How, and from what, is the connection to the stream made through squid?
My guess: the program requests the stream with a different request, and there, of course, there are no HTTP headers. Hence the complaints in the log.
Take a traffic dump with tcpdump and the whole protocol "conversation" will be visible right away.
"No! Try not! Do. Or do not. There is no try." -- Yoda
Posted by hawk, 07.07.11 06:06, edited 07.07.11 06:08

>>How, and from what, is the connection to the stream made through squid?

The standard way: a browser, with the proxy configured in its settings (the proxy is not transparent). And as I said, the error appears even when no stream is being requested; it already complains on all ordinary pages. I have the feeling this may be some kind of bug, which is why I'm asking whether anyone on a 3.x version sees the same with ACLs by MIME type.
I'll look at the dump.
echo "good..." | perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
Posted by kolka88, 07.08.13 10:41
Did you never solve the problem? I have the same thing... People, has really nobody run into this?
Posted by LOE (Site/forum admin), 07.08.13 13:18
Send your squid config (attach it to a message or send it by PM) and give the full URL of the request(s).
I need to get my hands on the situation.
"No! Try not! Do. Or do not. There is no try." -- Yoda
Posted by kolka88, 07.08.13 22:11
Here is the config:

http_port 127.0.0.1:3128 intercept
connect_timeout 20 second
shutdown_lifetime 1 seconds
cache_dir ufs /usr/local/squid/cache 3000 16 256
maximum_object_size 4 GB
quick_abort_min -1 KB
coredump_dir /usr/local/squid/cache
access_log /usr/local/squid/log/access.log squid
log_mime_hdrs on
acl webserver src 10.135.1.7/32
acl localnet src 10.135.1.0/25 # RFC1918 possible internal network
acl multimedia urlpath_regex "/usr/local/etc/squid/AccessLists/block_multimedia.txt"
acl morning time 08:00-09:00
acl lanch time 12:00-13:00
acl after_work time 18:00-23:00
acl fails rep_mime_type ^.*mms.*
acl fails rep_mime_type ^.*ms-hdr.*
acl fails rep_mime_type ^.*x-fcs.*
acl fails rep_mime_type ^.*x-ms-asf.*
acl fails2 urlpath_regex dvrplayer mediastream mms://
acl fails2 urlpath_regex .asf$ .afx$ .flv$ .swf$
acl deny_rep_mime_flashvideo rep_mime_type -i video/flv
acl deny_rep_mime_shockwave rep_mime_type -i ^application/x-shockwave-flash$
acl x-type req_mime_type -i ^application/octet-stream$
acl x-type req_mime_type -i application/octet-stream
acl x-type req_mime_type -i ^application/x-mplayer2$
acl x-type req_mime_type -i application/x-mplayer2
acl x-type req_mime_type -i ^application/x-oleobject$
acl x-type req_mime_type -i application/x-oleobject
acl x-type req_mime_type -i application/x-pncmd
acl x-type req_mime_type -i ^video/x-ms-asf$
acl x-type2 rep_mime_type -i ^application/octet-stream$
acl x-type2 rep_mime_type -i application/octet-stream
acl x-type2 rep_mime_type -i ^application/x-mplayer2$
acl x-type2 rep_mime_type -i application/x-mplayer2
acl x-type2 rep_mime_type -i ^application/x-oleobject$
acl x-type2 rep_mime_type -i application/x-oleobject
acl x-type2 rep_mime_type -i application/x-pncmd
acl x-type2 rep_mime_type -i ^video/x-ms-asf$
acl torrent_mime rep_mime_type -i ^application/x-bittorrent$
acl torrent_mime rep_mime_type -i application/x-bittorrent
acl CONNECT method CONNECT
acl allowdomen dstdomain "/usr/local/etc/squid/AccessLists/allowdomenlitvin.txt"
acl allowdomenkasp dstdomain "/usr/local/etc/squid/AccessLists/allowdomenkasp.txt"
acl RestrictedDomains dstdomain "/usr/local/etc/squid/AccessLists/RestrictedDomains.txt"
http_access allow manager webserver
http_access allow manager
http_access allow webserver
http_access allow localhost
http_access deny all selector
http_access allow all allowdomenkasp
http_access allow buh allowdomen
http_access allow morning  RestrictedDomains
http_access allow lanch RestrictedDomains
http_access allow after_work RestrictedDomains
http_access allow lanch deny_rep_mime_flashvideo
http_reply_access allow lanch deny_rep_mime_flashvideo
http_access allow lanch deny_rep_mime_shockwave
http_reply_access allow lanch deny_rep_mime_shockwave
http_access allow lanch x-type
http_reply_access allow lanch x-type
http_access allow lanch fails
http_reply_access allow lanch fails
http_access allow lanch fails2
http_reply_access allow lanch fails2
http_access allow lanch multimedia
http_reply_access allow lanch multimedia
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT
http_access deny to_localhost
http_access allow it RestrictedDomains
http_access allow it multimedia
http_access allow it deny_rep_mime_flashvideo
http_reply_access allow it deny_rep_mime_flashvideo
http_access allow it deny_rep_mime_shockwave
http_reply_access allow it deny_rep_mime_shockwave
http_access allow it fails
http_reply_access allow it fails
http_access allow it fails2
http_reply_access allow it fails2
http_access allow it x-type
http_reply_access allow it x-type
http_access allow it x-type2
http_reply_access allow it x-type2
http_access allow it torrent_mime
http_reply_access allow it torrent_mime
http_reply_access deny deny_rep_mime_flashvideo
http_reply_access deny deny_rep_mime_shockwave
http_access deny fails
http_reply_access deny fails
http_access deny fails2
http_reply_access deny fails2
http_access deny x-type
http_reply_access deny x-type
http_access deny torrent_mime     
http_reply_access deny torrent_mime
#http_access deny x-type2
#http_reply_access deny x-type2
http_access deny torrent_mime
http_reply_access deny torrent_mime
http_access deny RestrictedDomains
http_access deny multimedia
http_access allow localnet
http_access allow localnet2
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
error_directory /usr/local/etc/squid/errors.local/ru
wccp2_router 10.135.1.1
wccp2_forwarding_method gre
wccp2_return_method gre


And it doesn't matter which URL the request goes to, absolutely any; in fact I'm not even making a request to a URL and it starts spewing all this out(((. I even do a restart and the mess starts right away; I suspect that at that moment there may not even be any requests...

tail -r /var/log/squid/cache.log | more
2013/08/08 09:07:34 kid1| ACL::checklistMatches WARNING: 'torrent_mime' ACL is used but there is no HTTP reply -- not matching.
2013/08/08 09:07:34 kid1| ACL::checklistMatches WARNING: 'torrent_mime' ACL is used but there is no HTTP reply -- not matching.
2013/08/08 09:07:34 kid1| ACL::checklistMatches WARNING: 'fails' ACL is used but there is no HTTP reply -- not matching.


And I don't even know what to do...
Posted by kolka88, 15.08.13 22:31
Problem solved. As I was told on another forum:
I haven't run into it personally, but the documentation clearly says that rep_mime_type is not intended for http_access.

rep_mime_type: regular expression pattern matching on the reply (downloaded content) content-type header. This is only usable in the http_reply_access directive, not http_access.
http://wiki.squid-cache.org/SquidFaq/SquidAcl

So we use http_reply_access instead of http_access.
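
Added example (not part of the thread and not Squid project code): a small Python check that applies the documentation quote above to a squid.conf, flagging http_access rules that reference rep_mime_type ACLs and proposing the http_reply_access form. The sample config is constructed from fragments posted in this thread; the ip1022 address is a made-up value.

```python
# Lint a squid.conf for reply-only ACLs used in http_access (added example).
REPLY_ONLY_TYPES = {"rep_mime_type"}   # the ACL type named in the quoted FAQ entry
REQUEST_STAGE = "http_access"          # evaluated before any HTTP reply exists
REPLY_STAGE = "http_reply_access"      # evaluated once the reply headers are known

# Constructed sample, modelled on the rules posted in this thread.
SAMPLE_CONF = """\
# constructed excerpt
acl deny_mime rep_mime_type -i ^audio/
acl deny_mime rep_mime_type -i ^video/
acl ip1022 src 192.168.10.22
acl fails rep_mime_type ^.*mms.*
acl fails2 urlpath_regex dvrplayer mediastream
http_access deny deny_mime !ip1022
http_access deny fails
http_reply_access deny fails
http_access deny fails2
#http_access deny fails
"""

def parse(conf_text):
    """Collect ACL name -> types, and the access rules with their line numbers."""
    acl_types, rules = {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        # Simplification: everything after '#' is treated as a comment.
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) >= 3 and tokens[0] == "acl":
            acl_types.setdefault(tokens[1], set()).add(tokens[2])
        elif len(tokens) >= 3 and tokens[0] in (REQUEST_STAGE, REPLY_STAGE):
            rules.append((no, tokens[0], tuple(tokens[1:])))
    return acl_types, rules

def lint(conf_text):
    """Return one finding per http_access rule that uses a reply-only ACL."""
    acl_types, rules = parse(conf_text)
    reply_rules = {body for _, d, body in rules if d == REPLY_STAGE}
    findings = []
    for no, directive, body in rules:
        if directive != REQUEST_STAGE:
            continue
        # body[0] is allow/deny; the rest are ACL names, possibly negated with '!'.
        bad = [n.lstrip("!") for n in body[1:]
               if acl_types.get(n.lstrip("!"), set()) & REPLY_ONLY_TYPES]
        if not bad:
            continue
        if body in reply_rules:
            fix = "delete line (same rule already in http_reply_access)"
        else:
            fix = REPLY_STAGE + " " + " ".join(body)
        findings.append({"line": no, "acls": bad, "fix": fix})
    return findings

if __name__ == "__main__":
    for f in lint(SAMPLE_CONF):
        print(f"line {f['line']}: reply-only ACL {f['acls']} "
              f"in http_access -> {f['fix']}")
```

A proposed http_reply_access line still has to be placed by hand, since its position relative to the other http_reply_access rules decides which one matches first.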