Hi,
I'm trying to log the name of the ACL that allowed/denied access for a
particular request. I have a patch that seems to work fine on all my
machines except one. On that one machine it'll work fine for several
hours, but then begins logging other garbage; sometimes parts of URLs,
other times it's just random bytes. I think my patch is correct and this
machine has a problem, but I'd appreciate it if someone could take a look.
My real goal is to associate a username with requests that are allowed
based on a whitelisted IP. I had originally done this using an external
acl helper, but found that it was too slow and would cause connections
to randomly fail. So instead I now generate a .conf file that is
included with my main squid config which looks like this:
acl foo src 10.3.4.0/24
acl foo src 10.4.5.0/24
http_access allow foo
acl bar src 120.3.4.0/24
acl bar src 120.4.5.0/24
http_access allow bar
hence why I'm then trying to log the name of the ACL that allowed the
connection. If there's a different way of doing that I'm open to
suggestions.
Here's the patch. It makes the ACL name available through its own log
token, and also uses it in place of the user name when the user is null.
Thanks,
--Will
Index: squid3-3.1.19/src/AccessLogEntry.h
===================================================================
--- squid3-3.1.19.orig/src/AccessLogEntry.h 2012-02-05
06:51:32.000000000 -0500
+++ squid3-3.1.19/src/AccessLogEntry.h 2012-03-29 00:57:22.000000000 -0400
@@ -96,6 +96,7 @@
msec(0),
rfc931 (NULL),
authuser (NULL),
+ aclname (NULL),
extuser(NULL)
#if USE_SSL
,ssluser(NULL)
@@ -114,6 +115,7 @@
int msec;
const char *rfc931;
const char *authuser;
+ const char *aclname;
const char *extuser;
#if USE_SSL
Index: squid3-3.1.19/src/access_log.cc
===================================================================
--- squid3-3.1.19.orig/src/access_log.cc 2012-02-05 06:51:32.000000000 -0500
+++ squid3-3.1.19/src/access_log.cc 2012-03-29 01:01:43.000000000 -0400
@@ -404,6 +404,7 @@
LFT_TAG,
LFT_IO_SIZE_TOTAL,
LFT_EXT_LOG,
+ LFT_ACCEPTED_ACL,
#if USE_ADAPTATION
LTF_ADAPTATION_SUM_XACT_TIMES,
@@ -561,6 +562,7 @@
{"et", LFT_TAG},
{"st", LFT_IO_SIZE_TOTAL},
{"ea", LFT_EXT_LOG},
+ {"ACL", LFT_ACCEPTED_ACL},
{"%", LFT_PERCENT},
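Review bot: The enum value added in the `@@ -404` hunk is named `LFT_ACCEPTED_ACL`, but the value it logs is assigned before the `answer != ACCESS_ALLOWED` test in client_side_request.cc, so it also carries the ACL that denied a request. A neutral name such as `LFT_MATCHED_ACL` would describe what is logged. The new `ACL` code is also not documented anywhere in this patch; a line such as `ACL   Name of the ACL last matched by http_access for this request` alongside the other logformat codes would tell operators what the field means and that it can be empty.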
@@ -1017,6 +1019,9 @@
if (!out)
out = accessLogFormatName(al->cache.extuser);
+ if (!out)
+ out = accessLogFormatName(al->cache.aclname);
+
#if USE_SSL
if (!out)
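Review bot: Falling back to `al->cache.aclname` in the user-name slot puts an ACL name where log consumers expect an identity, and the same fallback is repeated in the `@@ -1764` hunk (`user = accessLogFormatName(al->cache.aclname);`). After this change a log line cannot distinguish an authenticated or ident-supplied user from a source-address match, and an ACL whose name equals a real user name attributes that traffic to the user in any audit built on the log. Since the patch already adds a dedicated `ACL` token, consider dropping both fallbacks and logging the ACL name only through that token so the user field keeps its meaning. Both enclosing functions continue outside their hunks.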
@@ -1182,6 +1187,10 @@
break;
+ case LFT_ACCEPTED_ACL:
+ out = al->cache.aclname;
+ break;
+
case LFT_PERCENT:
out = "%";
@@ -1764,6 +1773,9 @@
if (!user)
user = accessLogFormatName(al->cache.extuser);
+ if (!user)
+ user = accessLogFormatName(al->cache.aclname);
+
#if USE_SSL
if (!user)
@@ -2431,6 +2443,7 @@
safe_free(aLogEntry->headers.reply);
safe_free(aLogEntry->cache.authuser);
+ safe_free(aLogEntry->cache.aclname);
safe_free(aLogEntry->headers.adapted_request);
HTTPMSGUNLOCK(aLogEntry->adapted_request);
Index: squid3-3.1.19/src/client_side.cc
===================================================================
--- squid3-3.1.19.orig/src/client_side.cc 2012-02-05 06:51:32.000000000
-0500
+++ squid3-3.1.19/src/client_side.cc 2012-04-01 22:13:11.000000000 -0400
@@ -558,6 +558,8 @@
al.cache.msec = tvSubMsec(start_time, current_time);
+ al.cache.aclname = xstrdup( aclname );
+
if (request)
prepareLogWithRequestDetails(request, &al);
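Review bot: `xstrdup( aclname )` is called unconditionally, but the member is only assigned in the access-check callback in client_side_request.cc, so a request that is logged without reaching that callback passes NULL or an unset value here. No hunk in this patch initialises `ClientHttpRequest::aclname`, and the xstrdup in this tree appears to treat a NULL argument as fatal rather than returning NULL (worth confirming in the utility code). Initialise the member to NULL in the constructor and guard the copy: `if (aclname) al.cache.aclname = xstrdup(aclname);`. The enclosing function starts and ends outside the hunk.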
Index: squid3-3.1.19/src/client_side_request.cc
===================================================================
--- squid3-3.1.19.orig/src/client_side_request.cc 2012-02-05
06:51:32.000000000 -0500
+++ squid3-3.1.19/src/client_side_request.cc 2012-04-01
22:13:24.000000000 -0400
@@ -588,6 +588,8 @@
else if (http->request->auth_user_request != NULL)
proxy_auth_msg =
http->request->auth_user_request->denyMessage("<null>");
+ http->aclname = AclMatchedName;
+
if (answer != ACCESS_ALLOWED) {
/* Send an error */
int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ||
aclIsProxyAuth(AclMatchedName));
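Review bot: `http->aclname = AclMatchedName;` stores a borrowed pointer rather than a copy, and the string is only duplicated later, at log time, by the `xstrdup( aclname )` in client_side.cc. AclMatchedName is not defined in this hunk; if, as it appears, it points into storage owned by the matched ACL or the parsed configuration, then a reconfigure (or any other release of that storage) while the request is still in flight leaves `aclname` dangling and the log line is built from freed memory. That would explain a machine that logs correctly for hours and then emits URL fragments or random bytes, most likely the one whose generated .conf is reloaded. Copy at the point of assignment, `http->aclname = AclMatchedName ? xstrdup(AclMatchedName) : NULL;`, make the member a `char *`, and release it with `safe_free(aclname)` when the ClientHttpRequest is destroyed. The enclosing function starts and ends outside the hunk.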
Index: squid3-3.1.19/src/client_side_request.h
===================================================================
--- squid3-3.1.19.orig/src/client_side_request.h 2012-02-05
06:51:32.000000000 -0500
+++ squid3-3.1.19/src/client_side_request.h 2012-03-26
22:54:59.000000000 -0400
@@ -98,6 +98,7 @@
HttpRequest *request; /* Parsed URL ... */
char *uri;
char *log_uri;
+ const char *aclname;
struct {
int64_t offset;