Re: Mark log entries for redirected sites


 



On 01/04/11 05:08, Thomas Jarosch wrote:
> Hello,
>
> I'm successfully running squid 3.1.11 together
> with squidGuard 1.4 as redirector.
>
> Unwanted sites get blocked just fine. Unfortunately
> they also get logged like a normal request in the
> access.log. It looks like this:
>
> 1301586950.611      1 172.16.0.2 TCP_MEM_HIT/200 1627 GET http://www.facebook.com/ - NONE/- text/html
>
> or a later request:
>
> 1301587147.200     31 172.16.0.2 TCP_IMS_HIT/304 249 GET http://www.facebook.com/ - NONE/- text/html
>
>
> Is there a way to specially mark redirected entries in the log file?

Both of the above are identical content going to the user. The first one, if re-written, contains the body with lies in it. The second is saying to the client that the lie is still to be believed.

Redirection produces a 301/302/307 status in the logs for the original URL followed by another such as the 200 for the redirected URL. 304 etc. normally show up on the redirected URL, but that's not set in stone; they can do the two-request from some clients.


It sounds like you have actually implemented a "re-writer", which lies to the client about where content came from.

The log says Squid presented N bytes in response to a request for "http://www.facebook.com/"; contacting X server to fetch them. The 200 presents the lie and the 304 repeats that it is still to be believed.


Patches are welcome to implement a log tag for the adapted URL as well as the client URL. The raw request details are pro

> Or don't log them at all? (though I would prefer to mark them).

You can use ACLs on the log_access and the access log directives (two separate directives, not to be confused in what they do) to omit all the URLs which get re-written and lies sent back.

However omitting these will produce lies in any bandwidth reports you make.

I assume you are wanting this to get a report of the trouble URLs which are getting past the filter? A log produced by the filter would be the best place for that kind of information. It gets given the client IP to work with as well so can do the IP<->URL<->redirected URL mapping much more easily.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.5
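
An added example, not part of the original message and not Squid or squidGuard code: it goes beyond the thread by tagging native-format access.log entries after the fact and totalling bytes per tag, which shows how omitting filtered entries changes a bandwidth report. `BLOCKED_DOMAINS` is a hypothetical copy of the redirector's block list, and the third sample log line is constructed.

```python
from urllib.parse import urlsplit

# Assumption: a copy of the domains the redirector blocks (hypothetical list).
BLOCKED_DOMAINS = {"facebook.com"}

# First two lines are quoted in the thread; the third is constructed for contrast.
SAMPLE_LOG = """\
1301586950.611      1 172.16.0.2 TCP_MEM_HIT/200 1627 GET http://www.facebook.com/ - NONE/- text/html
1301587147.200     31 172.16.0.2 TCP_IMS_HIT/304 249 GET http://www.facebook.com/ - NONE/- text/html
1301587200.000     85 172.16.0.3 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
"""

FIELDS = ("time", "elapsed", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format access.log line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS) or not parts[4].isdigit():
        return None
    entry = dict(zip(FIELDS, parts))
    entry["bytes"] = int(entry["bytes"])
    return entry


def is_blocked(url, blocked=BLOCKED_DOMAINS):
    """True if the URL's host is a blocked domain or a subdomain of one."""
    if "://" not in url:  # CONNECT requests are logged as host:port, no scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)


def annotate(log_text):
    """Yield (tag, entry) pairs; tag is 'FILTERED' or 'OK'."""
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            yield ("FILTERED" if is_blocked(entry["url"]) else "OK"), entry


def byte_totals(log_text):
    """Sum bytes sent to clients per tag, so both views of bandwidth are kept."""
    totals = {"FILTERED": 0, "OK": 0}
    for tag, entry in annotate(log_text):
        totals[tag] += entry["bytes"]
    return totals
```

Calling `byte_totals(SAMPLE_LOG)` keeps the filtered traffic visible as its own total instead of dropping it from the report.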

