And, you still see the non-healthcheck, normal traffic logged using the X-Forwarded-For information? Here is my entire config, maybe this will help: # What port do we want to listen on? http_port 80 # Define refresh patterns for content types refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 # Define network ACL's acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network acl loadbalancers src 10.26.100.136/255.255.255.255 acl loadbalancers src 10.26.100.137/255.255.255.255 # Define access ACL's. To allow SSL tunneling to a new port, add that port # to the "ssl_ports" ACL. To allow HTTP access over new ports, add that port # to the "safe_ports" ACL, and so on. acl manager proto cache_object acl ssl_ports port "/etc/squid/acl-ssl_ports" acl safe_ports port "/etc/squid/acl-safe_ports" acl deny_sites dstdomain "/etc/squid/acl-deny_sites" acl deny_browsers browser "/etc/squid/acl-deny_browsers" acl CONNECT method CONNECT # Define HTTP access rules http_access deny manager !localhost http_access deny !safe_ports http_access deny CONNECT !ssl_ports http_access deny deny_sites http_access deny deny_browsers http_access allow localhost http_access allow localnet http_access deny all # Allow icp_access to allowed_src_hosts # icp_access allow allowed_src_hosts # icp_access deny all_src # We want to append the X-Forwarded-For header for Websense follow_x_forwarded_for allow loadbalancers log_uses_indirect_client on acl_uses_indirect_client on # Define Logging (do not log loadbalancer health checks) access_log /var/log/squid/access.log squid log_access deny !loadbalancers coredump_dir /var/spool/squid pid_filename /var/run/squid.pid httpd_suppress_version_string on shutdown_lifetime 5 seconds # We don't cache, so there is no need to waste disk I/O on cache logging cache_store_log none # Define SNMP properties # We will proxy requestst to Squid's internal agent from net-snmp acl snmpprivate snmp_community fcsnmp1ro snmp_port 3401 snmp_access allow snmpprivate localhost snmp_access deny all # Allow non-FQDN hostnames, even though they are bad bad bad! dns_defnames on # Disable all caching cache deny all cache_dir null /tmp # Misc Configuration negative_ttl 0 -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Friday, March 19, 2010 6:55 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: Ignore requests from certain hosts in access_log Baird, Josh wrote: > Amos, > > Do you think that what I am trying to achieve is possible? Yes. Do exactly the same myself with a simple !aclname at the end of access_log directives. I can't figure out why neither that nor the longer log_access is working for you. Amos > -----Original Message----- > From: Baird, Josh > Sent: Tuesday, March 16, 2010 9:25 AM > To: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx > Subject: RE: Ignore requests from certain hosts in access_log > > Hi Amos, > > Same results. Nothing coming from the load balancers is being logged (even requests using X-Forwarded-For). Here is my configuration: > > acl loadbalancers src x.x.x.y/255.255.255.255 > acl loadbalancers src x.x.x.z/255.255.255.255 > > follow_x_forwarded_for allow loadbalancers > log_uses_indirect_client on > acl_uses_indirect_client on > > # Define Logging (do not log loadbalancer health checks) > access_log /var/log/squid/access.log squid > log_access deny !loadbalancers > > Without the "log_access" directive enabled, all requests are logged using their X-Forwarded-For source address: > > 1268749629.423 354 172.26.100.23 TCP_MISS/200 1475 GET http://webmail.blah.net/? - DIRECT/72.29.72.189 text/plain > > These are the types of requests that I am trying to prevent from being logged: > > 1268749630.481 0 x.x.x.y TCP_DENIED/400 2570 GET error:invalid-request - NONE/- text/html > > (where x.x.x.y is the load balancer, and the request is a "health check" of the web proxy service) > > Thanks, > > Josh > > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Monday, March 15, 2010 6:52 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Ignore requests from certain hosts in access_log > > On Mon, 15 Mar 2010 12:15:49 -0500, "Baird, Josh" <jbaird@xxxxxxxxxxx> > wrote: >> Ok, that sort of worked. I have a pair of load balancers sitting in >> front of my Squid proxy farm. The load balancers insert the >> X-Forwarded-For header into each HTTP request which allows Squid to log >> their connections using their real client source IP (extracted from >> X-Forwarded-For). In reality, the connections to the squid servers are >> being made directly from the load balancers. >> >> When I use log_access to deny logging to the load balancer's IP >> addresses, -nothing- gets logged to access_log. I am attempting to not >> log the "health HTTP checks" from 10.26.100.130/10.26.100.131 but still >> log the other traffic. It doesn't seem that log_access is >> X-Forwarded-For aware? Any ideas? >> >> acl loadbalancers src 10.26.100.130/255.255.255.255 >> acl loadbalancers src 10.26.100.131/255.255.255.255 >> log_access deny !loadbalancers > > Ah, you will require these as well: > # to trust what the load balancers report for XFF > follow_x_forwarded_for allow loadbalancers > > # to use the XFF details in the logs > log_uses_indirect_client on > > # to use the XFF details in ACL tests > # telling loadbalancer generated requests from relayed > acl_uses_indirect_client on > > > Amos
