Question about how to analyze the LOG

Configuration and use of the sidki config set; the first stop for beginners

Moderator: phoenix

ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Question about how to analyze the LOG

Post by ddbb »

http://pic.yupoo.com/konshon/250066aae2ac/x5tg41pg.jpg
This image... opens when PROX is turned off, but won't open when it is on...

I took a look at the LOG...

Code: Select all

New Message Log Window....
GET 10099 : Cache-Control killed: no-cache
GET 10099 : Pragma no-cache stripped
BlockList 10099: in User-Agents, line 51

+++GET 10099+++
GET /konshon/250066aae2ac/x5tg41pg.jpg HTTP/1.0
User-Agent: Opera/10.00 (Windows NT 5.1; U)
Host: pic.yupoo.com
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ja-JP,ja;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Cookie: JSESSIONID=549CDB1E-AB6E-8B63-F450-77CBD7920087
Cookie2: $Version=1
Connection: keep-alive
RESP 10099 : Age killed: 770
RESP 10099 : Cache-Control replaced: max-age=600
RESP 10099 : Expires killed: Tue, 16 Dec 2008 09:11:37 GMT
RESP 10099 : Redirect killed: No jpg: http://pic0.yupoo.com/konshon/250066aae2ac/x5tg41pg/
RedirectTo: http://local.ptron/killed.gif
GET 10100 : Cache-Control killed: no-cache
GET 10100 : Pragma no-cache stripped
BlockList 10100: in User-Agents, line 51
It's not very long... but I still can't tell where the problem is... :oops:
phoenix
Site Admin
Posts: 529
Joined: Dec 29 2007, 16:27

Re: Question about how to analyze the LOG

Post by phoenix »

Code: Select all

RESP 10099 : Redirect killed: No jpg: http://pic0.yupoo.com/konshon/250066aae2ac/x5tg41pg/
RedirectTo: http://local.ptron/killed.gif
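This line looks somewhat suspicious. Does your IncludeExclude-U.ptxt file have any entries for yupoo? Also, you didn't post the server's response.

I can open it normally; here is my log: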

Code: Select all

New Message Log Window....
GET 3863 : Cache-Control killed: no-cache
BlockList 3863: in User-Agents, line 51
GET 3863 : Time: 22:09:28::432

+++GET 3863+++
GET /konshon/250066aae2ac/x5tg41pg.jpg HTTP/1.1
User-Agent: Opera/10.00 (Windows NT 5.1; U)
Host: pic.yupoo.com
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Connection: keep-alive
RESP 3863 : Age killed: 26
RESP 3863 : Expires killed: Thu, 18 Dec 2008 14:09:01 GMT
RESP 3863 : Time: 22:09:29::572

+++RESP 3863+++
HTTP/1.1 200 OK
Server: nginx/0.5.35
Date: Tue, 16 Dec 2008 14:09:03 GMT
Content-Type: image/png; PrxMsg: Filter Image
Content-Length: 290875
Cache-Control: max-age=172800
Via: 1.0 cache7.nj.yupoo.com:80 (squid/2.6.STABLE12), 1.0 tj252:80 (Cdn Cache Server V2.0), 1.0 zb179:8101 (Cdn Cache Server V2.0), 1.0 syss125:8101 (Cdn Cache Server V2.0)
Connection: keep-alive
Last-Modified: Tue, 16 Dec 2008 14:09:29 GMT; PrxMsg: added
|.*.URL-ID: http://pic.yupoo.com/konshon/250066aae2ac/x5tg41pg.jpg
Match 3863: Top All Mark: Start     4.07.11 (multi) [sd] (d.r)
Match 3863: Top Sniff: Sel. File Types     7.12.03 [sd] (d.1)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
Match 3863: Protect: Sel. File Types     7.07.15 [sd] (d.r)
+++CLOSE 3863+++
ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Re: Question about how to analyze the LOG

Post by ddbb »

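*sweat*...

Strange...

Yesterday someone posted images on a BBS and all I saw was blank, so I looked into it...

I went back to look just now... and they all show up again...

Could it have been a network speed problem yesterday?????

Sorry for the trouble... since it's working, I'll stop looking into this for now... if I need to read a LOG again later, I'll come back and ask...

I still can't really make sense of this LOG...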
ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Re: Question about how to analyze the LOG

Post by ddbb »

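Found one...

This page...

http://soft.deepin.org/read-htm-tid-892879.html

Download the attachment

If both Use Out-Header Filters and Use In-Header Filters are enabled, the save dialog doesn't pop up

Turn either one of them off and the download works normally...

I also looked at the LOG from when it fails, but I still can't understand it -_-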

Code: Select all

New Message Log Window....
BlockList 4271: in User-Agents, line 51

+++GET 4271+++
CONNECT / HTTP/1.0
User-Agent: Opera/10.00 (Windows NT 5.1; U)
Host: link-server.opera.com:443
Referer: http://slashdot.org/search/referrer-karma.php?q=Big+Bang

+++SSL 4271:+++
SSL Pass-Thru: CONNECT https://link-server.opera.com:443/
BlockList 4272: in AllowCookies, line 33
BlockList 4272: in AllowCookies, line 33
BlockList 4272: in User-Agents, line 40

+++GET 4272+++
GET /job-htm-action-download-pid-tpc-tid-892879-aid-1607762.html HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: soft.deepin.org
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ja-JP,ja;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip
Referer: http://soft.deepin.org/read-htm-tid-892879.html
Cookie: AJSTAT_ok_pages=54; AJSTAT_ok_times=1; ystat_bc_783250=60364142271099478; ystat_bc_783632=31095541642771449024; 34124_ipstate=1229474663; 34124_ipfrom=c524c9a06c0b57caf9217a1f76f6d428%09%B1%B1%BE%A9%CA%D0+%B0%B2%C0%B3%D0%C5%CF%A2%CD%A8%D0%C5%BC%BC%CA%F5%D3%D0%CF%DE%B9%AB%CB%BE; ystat_ss_783250=31_1229508756_2952257790; ystat_ss_783632=31_1229508757_3119151515; 34124_ol_offset=48134; 34124_cknum=UAJQXFEBBwMFVj5oClVSVVJVUVNaV1BbDgdRUQdXA1MABFUDBQUGUlEAVlA%3D; 34124_ck_info=%2F%09.deepin.org; 34124_winduser=VAJWUFcAPgUAUgAEUVECUgNSAAVaU1ZfUQFXVAFQU1FSUwVXUAJb; 34124_lastfid=0; 34124_lastvisit=7%091229480120%09%2Fjob.php%3Faction-download-pid-tpc-tid-892879-aid-1607762.html
Cookie2: $Version=1
Connection: keep-alive
RESP 4272 : Content-Disposition changed to "inline": 
RESP 4272 : Bogus Content-Encoding killed: none
BlockList 4272: in MIME-List, line 86
RESP 4272 : Expires killed: Thu, 18 Dec 2008 02:15:33 GMT
BlockList 4272: in AllowCookies, line 33
BlockList 4272: in AllowCookies, line 33
BlockList 4272: in AllowCookies, line 33
RESP 4272 : Vary killed: Accept-Encoding

+++RESP 4272+++
HTTP/1.0 200 OK
Server: nginx/0.7.22
Date: Wed, 17 Dec 2008 02:15:33 GMT
Content-Type: text/html; PrxMsg: Fixed acc. to File Extension: rar
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: 34124_lastvisit=20%091229480133%09%2Fjob.php%3Faction-download-pid-tpc-tid-892879-aid-1607762.html; expires=Thu, 17-Dec-2009 02:15:33 GMT; path=/; domain=.deepin.org
Last-Modified: Thu, 18 Dec 2008 02:15:33 GMT
Cache-control: max-age=86400
Content-Disposition: inline
Content-Length: 73
ETag: PrxMsg: html
+++CLOSE 4272+++
With filtering turned off

Code: Select all

New Message Log Window....

+++GET 3950+++
GET /job-htm-action-download-pid-tpc-tid-892879-aid-1607762.html HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; zh-cn)
Host: soft.deepin.org
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ja-JP,ja;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Referer: http://soft.deepin.org/read-htm-tid-892879.html
Cookie: AJSTAT_ok_pages=49; AJSTAT_ok_times=1; ystat_bc_783250=60364142271099478; ystat_bc_783632=31095541642771449024; 34124_ipstate=1229474663; 34124_ipfrom=c524c9a06c0b57caf9217a1f76f6d428%09%B1%B1%BE%A9%CA%D0+%B0%B2%C0%B3%D0%C5%CF%A2%CD%A8%D0%C5%BC%BC%CA%F5%D3%D0%CF%DE%B9%AB%CB%BE; ystat_ss_783250=31_1229508756_2952257790; ystat_ss_783632=31_1229508757_3119151515; 34124_cknum=V1QCDQMFDg4EAzs4BwJSDgMGUlFVBFQBBFJXVVQJBVAJCQ8DVl9SAlMFVlY%3D; 34124_ck_info=%2F%09.deepin.org; 34124_winduser=U1QEAQULPg5SD1AIBVIECAcFAF5VBQ4EUVECA1QCBwJWXAQHV1YG; 34124_lastfid=0; 34124_ol_offset=48134; 34124_lastvisit=25%091229479979%09%2Fjob.php%3Faction-download-pid-tpc-tid-892879-aid-1607762.html
Cookie2: $Version=1
Connection: keep-alive

+++RESP 3950+++
HTTP/1.0 200 OK
Server: nginx/0.7.22
Date: Wed, 17 Dec 2008 02:13:12 GMT
Content-Type: rar
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: 34124_lastvisit=38%091229479992%09%2Fjob.php%3Faction-download-pid-tpc-tid-892879-aid-1607762.html; expires=Thu, 17-Dec-2009 02:13:12 GMT; path=/; domain=.deepin.org
Vary: Accept-Encoding
Last-Modified: Thu, 18 Dec 2008 02:13:12 GMT
Cache-control: max-age=86400
Expires: Thu, 18 Dec 2008 02:13:12 GMT
Content-Encoding: none
Content-Disposition: attachment; filename=ヨミホトクスシ.rar
Content-Length: 73
+++CLOSE 3950+++
+++CLOSE 3949+++
P.S.: Downloading requires an account. I've already PMed you my account and password...
phoenix
Site Admin
Posts: 529
Joined: Dec 29 2007, 16:27

Re: Question about how to analyze the LOG

Post by phoenix »

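I didn't try your account. Judging from the log alone, Content-Type: rar before filtering becomes Content-Type: text/html; PrxMsg: Fixed acc. to File Extension: rar after filtering, which is the result of the following rule:
Content-Type: 3c Fix acc. to File Extension 7.11.11 [srl sd] (d.1) (In)
Try adding the following line to IncludeExclude-U.ptxt: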

Code: Select all

soft.deepin.org/		$SET(0=a_cont_typ.)
On the other hand, deepin's server configuration is also at fault; the correct Content-Type for RAR should be application/x-rar-compressed.
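
The comparison made in the post above can be done mechanically. The following is an added example, not part of the original posts or of the sidki config set: it pulls the header block out of the `+++RESP n+++` section of a filtered and an unfiltered log and lists every header that differs. The function names and the attachment filename in the sample are assumptions made for this example.

```python
import re

# Trimmed from the two logs posted above (filtered 4272, unfiltered 3950);
# the attachment filename is a constructed placeholder.
FILTERED = """\
RESP 4272 : Bogus Content-Encoding killed: none
+++RESP 4272+++
HTTP/1.0 200 OK
Content-Type: text/html; PrxMsg: Fixed acc. to File Extension: rar
Content-Disposition: inline
Content-Length: 73
+++CLOSE 4272+++
"""
UNFILTERED = """\
+++RESP 3950+++
HTTP/1.0 200 OK
Content-Type: rar
Vary: Accept-Encoding
Content-Encoding: none
Content-Disposition: attachment; filename=example.rar
Content-Length: 73
+++CLOSE 3950+++
"""
# A header line is "Token: value"; log lines such as "Match 3863: ..." do not match.
HEADER = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

def resp_headers(log):
    """Headers of the first +++RESP n+++ block, keyed by lower-cased name."""
    headers, inside = {}, False
    for line in log.splitlines():
        if re.fullmatch(r"\+\+\+RESP \d+\+\+\+", line.strip()):
            inside = True
        elif line.startswith("+++"):
            if inside:
                break  # +++CLOSE n+++ (or the next block) ends the response
        elif inside and (m := HEADER.match(line)):
            headers[m.group(1).lower()] = m.group(2).strip()
    return headers

def diff_headers(unfiltered, filtered):
    """(status, name, before, after) for each header the filters touched."""
    changes = []
    for name in sorted(set(unfiltered) | set(filtered)):
        before, after = unfiltered.get(name), filtered.get(name)
        if before != after:
            status = "removed" if after is None else "added" if before is None else "changed"
            changes.append((status, name, before, after))
    return changes

if __name__ == "__main__":
    for change in diff_headers(resp_headers(UNFILTERED), resp_headers(FILTERED)):
        print(*change, sep=" | ")
```

Each reported difference can then be matched against the `RESP n :` message lines that precede the block in the filtered log to see which filter produced it.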
ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Re: Question about how to analyze the LOG

Post by ddbb »

After adding your line it works...

Impressive... with that much LOG you could still spot the one line that differs... :cry:

I read through it several times and had no idea where to look...
ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Re: Question about how to analyze the LOG

Post by ddbb »

Adding that one worked fine...

Today it stopped working again...

Posting the filtered and unfiltered LOGs...

First, the one with the problem...

Code: Select all

+++GET 708+++
GET /job-htm-action-download-pid-tpc-tid-897224-aid-1615973.html HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: soft.deepin.org
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ja-JP,ja;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip
Referer: http://soft.deepin.org/read-htm-tid-897224.html
Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; ystat_bc_783250=60364142271099478; ystat_bc_783632=31095541642771449024; 34124_cknum=UAJQXFEBBwMFVj5oClVSVVJVUVNaV1BbDgdRUQdXA1MABFUDBQUGUlEAVlA%3D; 34124_ck_info=%2F%09.deepin.org; 34124_winduser=VAJWUFcAPgUAUgAEUVECUgNSAAVaU1ZfUQFXVAFQU1FSUwVXUAJb; ystat_bc_783242=29714955183043937029; 34124_ipfrom=c524c9a06c0b57caf9217a1f76f6d428%09%B1%B1%BE%A9%CA%D0+%B0%B2%C0%B3%D0%C5%CF%A2%CD%A8%D0%C5%BC%BC%CA%F5%D3%D0%CF%DE%B9%AB%CB%BE; 34124_ol_offset=38337; 34124_ipstate=1230166787; 34124_lastfid=165; ystat_ss_783250=4_1230196431_1500170944; ystat_ss_783632=4_1230196431_3078464649; 34124_lastvisit=168%091230167856%09%2Fjob.php%3Faction-download-pid-tpc-tid-897224-aid-1615973.html
Cookie2: $Version=1
Connection: keep-alive
RESP 708 : Content-Disposition changed to "inline": 
RESP 708 : Bogus Content-Encoding killed: none
RESP 708 : Expires killed: Fri, 26 Dec 2008 01:17:49 GMT
BlockList 708: in AllowCookies, line 33
BlockList 708: in AllowCookies, line 33
BlockList 708: in AllowCookies, line 33
RESP 708 : Vary killed: Accept-Encoding

+++RESP 708+++
HTTP/1.0 200 OK
Server: nginx/0.7.22
Date: Thu, 25 Dec 2008 01:17:49 GMT
Content-Type: zip
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: 34124_lastvisit=181%091230167869%09%2Fjob.php%3Faction-download-pid-tpc-tid-897224-aid-1615973.html; expires=Fri, 25-Dec-2009 01:17:49 GMT; path=/; domain=.deepin.org
Last-Modified: Fri, 26 Dec 2008 01:17:49 GMT
Cache-control: max-age=86400
Content-Disposition: inline
Content-Length: 5390
+++CLOSE 708+++
BlockList 709: in User-Agents, line 51



The one without the problem...

Code: Select all

+++GET 788+++
GET /job-htm-action-download-pid-tpc-tid-897224-aid-1615973.html HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; zh-cn)
Host: soft.deepin.org
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ja-JP,ja;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cookie: AJSTAT_ok_pages=2; AJSTAT_ok_times=1; ystat_bc_783250=60364142271099478; ystat_bc_783632=31095541642771449024; ystat_bc_783242=29714955183043937029; 34124_ipfrom=c524c9a06c0b57caf9217a1f76f6d428%09%B1%B1%BE%A9%CA%D0+%B0%B2%C0%B3%D0%C5%CF%A2%CD%A8%D0%C5%BC%BC%CA%F5%D3%D0%CF%DE%B9%AB%CB%BE; 34124_ol_offset=38337; 34124_ipstate=1230166787; ystat_ss_783250=4_1230196431_1500170944; ystat_ss_783632=4_1230196431_3078464649; 34124_cknum=V1QDBAYEAA4GATs4DgcEXwYFAlNWDAILDg5VDlcGAABVWFUHAFcDVQFUVFY%3D; 34124_ck_info=%2F%09.deepin.org; 34124_winduser=U1QEAQULPg5SD1AIBVIECAcFAF5VBQ4EUVECA1QCBwJWXAQHV1YG; 34124_lastfid=0; 34124_lastvisit=9%091230167985%09%2Fread.php%3Ftid-897224.html
Cookie2: $Version=1
Connection: keep-alive

+++RESP 788+++
HTTP/1.0 200 OK
Server: nginx/0.7.22
Date: Thu, 25 Dec 2008 01:19:59 GMT
Content-Type: zip
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: 34124_lastvisit=23%091230167999%09%2Fjob.php%3Faction-download-pid-tpc-tid-897224-aid-1615973.html; expires=Fri, 25-Dec-2009 01:19:59 GMT; path=/; domain=.deepin.org
Vary: Accept-Encoding
Last-Modified: Fri, 26 Dec 2008 01:19:59 GMT
Cache-control: max-age=86400
Expires: Fri, 26 Dec 2008 01:19:59 GMT
Content-Encoding: none
Content-Disposition: attachment; filename=source-tree-view.zip
Content-Length: 5390
+++CLOSE 788+++
phoenix
Site Admin
Posts: 529
Joined: Dec 29 2007, 16:27

Re: Question about how to analyze the LOG

Post by phoenix »

Note these lines:

Code: Select all

RESP 708 : Content-Disposition changed to "inline": 
RESP 708 : Bogus Content-Encoding killed: none
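This appears to be a problem caused by deepin's non-standard server configuration. Change the earlier entry to the form below to avoid filtering of the HTTP headers.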

Code: Select all

soft.deepin.org/      $SET(0=a_headers.)
ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Re: Question about how to analyze the LOG

Post by ddbb »

:oops:

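Actually... I noticed that part too... but I couldn't tell which rule was responsible...

I just modified the rules myself... added the current rule's name to every $LOG... maybe that will make things easier from now on...

Exhausting... I don't know whether sidki will update again... if he does, I'm in trouble...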
ddbb
Moderator
Posts: 425
Joined: Jan 07 2008, 13:30

Re: Question about how to analyze the LOG

Post by ddbb »

Tried it again, and this time the method names showed up...
The two lines above are now...
RESP 68 : [Content-Disposition: Display sel. Types inline 7.11.05 [sd] (d.1 l.3) (In)] :
RESP 68 : [Content-Encoding: 1 Block bogus Values 5.04.19 (d.0) (In)] Bogus Content-Encoding killed: none


I left the second line alone; I only changed the KEYWORD in the first one

Code: Select all

(bbs|os|soft|fun).deepin.org/job-      $SET(0=a_type_d.)
It works now...

The comment for it is...
## don't display images/text/html inline $SET(0=a_type_d.)

:oops:

I had no idea such a thing even existed...