Search squid archive

Re: Problem with ACL in access_log directive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thank you Amos, it works.
I just forgot that in the xxx_access directives the ACLs are ANDed !

Ciao!

--
Francis GASCHET / NUMLOG
http://www.numlog.fr
Tel.: +33 (0) 130 791 616
Fax.: +33 (0) 130 819 286




Le 12/22/2010 02:23 PM Amos Jeffries a écrit  :

On 22/12/10 22:34, Francis GASCHET wrote:

Hello,

We recently had to upgrade a proxy server from Debian 4 to Debian 5 and
installed Squid 2.7 :
#squid -v
Squid Cache: Version 2.7.STABLE3
configure options: '--prefix=/usr' '--exec_prefix=/usr'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid'
'--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads'
'--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
'--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap'
'--enable-snmp' '--enable-delay-pools' '--enable-htcp'
'--enable-cache-digests' '--enable-underscores' '--enable-referer-log'
'--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
'--enable-follow-x-forwarded-for' '--with-large-files'
'--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux'
'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'
'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='


With Squid 2.6 we used multiple access_log directives, based on
different ACLs and it worked fine.
Since we installed the 2.7 version it looks broken : as soon as I put an
ACL, requests are no more logged. I tried with and without the module:
same result. i tried also the 2 syntaxes for net mask...
access_log stdio:/var/log/squid/access.log squid : this is OK (if
log_access is not defined)
access_log stdio:/var/log/squid/access.log squid NORD : this doesn't
work. Indeed the ACL NORD is declared and listed in log_access. No error
when I reload the configuration.


Thereafter is the configuration I would like to get running:
acl SUD src 192.168.3.0/24 192.168.192.0/24
acl NORD src 192.168.5.0/24 192.168.82.0/24
acl NML src 1.1.1.1/255.255.255.255
access_log stdio:/var/log/squid/sud.log squid SUD
access_log stdio:/var/log/squid/access.log squid NORD
access_log stdio:/var/log/squid/access.log squid NML
log_access allow SUD NORD NML
The log_access line tells Squid to only log when the src IP is in all three of the non-overlapping ranges. 

You need to write it:
  log_access allow SUD
  log_access allow NORD
  log_access allow NML
  log_access deny all


Amos
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux