Search squid archive

RE: Why squid show IP in access log for transparent proxy?‏

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2014-07-08 17:36, Nil Nik wrote:
I am NOT looking for client IP or host. I am looking for target server IP.
In case of 'ssl_bump none' squid access log shows IP of server instead
of domain.


Nik Nik,
The answer to your original question is that Squid only has the TCP/IP packet details to work with in intercepted traffic. particularly with port 443 traffic which has not been decrypted to get the Host header details.


log_fqdn on is not useful for me.

For the record this option is not even supported by Squid-3.2 and later. People using it should move to using %>A in a custom log format instead.

The proper way to log rDNS details is with the %<A and %>A log tokens in a custom logformat.

The %<A format token is the one needed to log server rDNS record. However it is important to be aware that rDNS record is often different from the URL domain name being fetched by the client. Server IP address is far more accurate and reliable for both debugging and reporting.

Amos


----------------------------------------
From: Antony.Stone@xxxxxxxxxxxxxxxxxxxx
To: squid-users@xxxxxxxxxxxxxxx
Date: Mon, 7 Jul 2014 20:14:40 +0200
Subject: Re: Why squid show IP in access log for transparent proxy?‏

On Monday 07 July 2014 at 19:44:34, Mark jensen wrote:

to show the domain name instead of IP:

One method would be to make use of this directive in the squid.conf file to
get the log file to show FQDNs instead of the IPs: log_fqdn on

That's for looking up the hostnames of clients connecting to the proxy.

i got the impression the original question was about the target server IP
addresses appearing in the logifles, instead of their DNS names.

this is a good link which may help you:

http://unix.stackexchange.com/questions/134132/how-can-we-make-squid-do-a-r
everse-nslookup


Regards,


Antony.

--
This email was created using 100% recycled electrons.

Please reply to the list;
please don't CC me.




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux