get many logentries "ACL is used in context without an ALE state. Assuming mismatch" after upgrade from 3.5 to 4.0.21 when using external helper

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

get many logentries "ACL is used in context without an ALE state. Assuming mismatch" after upgrade from 3.5 to 4.0.21 when using external helper

Dieter Bloms-2
Hello,

I used external helper with squid 3.5.xx several years without any
problem.
Now I tried to upgrade to squid 4.0.21 and squid seems to work fine, but
I get many logentries like:

--snip--
2017/09/14 07:43:12 kid3| WARNING: blockhostsdomain ACL is used in context without an ALE state. Assuming mismatch.
2017/09/14 07:43:12 kid3| WARNING: blockhostsip ACL is used in context without an ALE state. Assuming mismatch.
2017/09/14 07:44:12 kid4| WARNING: blockhostsdomain ACL is used in context without an ALE state. Assuming mismatch.
2017/09/14 07:44:12 kid4| WARNING: blockhostsip ACL is used in context without an ALE state. Assuming mismatch.
--snip--

when I switched the acls to a file list, the warnings are gone.

my acls for external helpers look like:

external_acl_type blockhostiptype ttl=3600 negative_ttl=3600 grace=50 children-max=10 children-startup=2 %DST /usr/bin/dnsbl-ip.pl bl
acl blockhostsip external blockhostiptype
external_acl_type blockhostdomaintype ttl=3600 negative_ttl=3600 grace=50 children-max=10 children-startup=2 %DST /usr/bin/dnsbl.pl dbl
acl blockhostsdomain external blockhostdomaintype

when I replaced to above lines with this two, the warnings are gone:

acl blockhostsip dst "/etc/squid/blockhosts.ips"
acl blockhostsdomain dstdomain "/etc/squid/blockhosts.domains"

but I want to use the external helpers, because the lists were updated
many times a day and a reconfigure of squid has an impact of 2-3 seconds.

As I said before, squid works fine and checks the acls, but I get many
warnings in the cache.log and don't know the cause of it.


--
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: get many logentries "ACL is used in context without an ALE state. Assuming mismatch" after upgrade from 3.5 to 4.0.21 when using external helper

Amos Jeffries
Administrator
On 14/09/17 18:08, Dieter Bloms wrote:
>
> As I said before, squid works fine and checks the acls, but I get many
> warnings in the cache.log and don't know the cause of it.

The cause of it is a change to how external ACL locate their state data
in Squid-4, so they can use logformat codes.

What access control(s) are you using this helper with?

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: get many logentries "ACL is used in context without an ALE state. Assuming mismatch" after upgrade from 3.5 to 4.0.21 when using external helper

Dieter Bloms-2
Hello Amos,

thank you for your answer!

On Thu, Sep 14, Amos Jeffries wrote:

> On 14/09/17 18:08, Dieter Bloms wrote:
> >
> > As I said before, squid works fine and checks the acls, but I get many
> > warnings in the cache.log and don't know the cause of it.
>
> The cause of it is a change to how external ACL locate their state data in
> Squid-4, so they can use logformat codes.
>
> What access control(s) are you using this helper with?

http_access deny blockhostsip
http_access deny blockhostsdomain

logformat blockhosts %ts.%03tu;%>a;%Ss/%03>Hs;%rm;%ru
access_log daemon:/var/log/squid/blockhosts-domains.log blockhosts
blockhostsdomain
access_log daemon:/var/log/squid/blockhosts-ip.log blockhosts
blockhostsip

deny_info ERR_CUSTOM_BLOCKHOSTS blockhostsip
deny_info ERR_CUSTOM_BLOCKHOSTS blockhostsdomain

In the ERR_CUSTOM_BLOCKHOSTS we use one variable %U, which will be
filled by squid.


--
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users