|
Hi Alex,
Many thanks for your reply and sorry for the misleading. In fact I just want to log the number of encrypted bytes received from the HTTPS client, not the decrypted HTTPS body sizes. Do you know how to do this?
I also build squid 3.5.23 with default parameter, and seems squid log still ignore the encrypted bytes(except "CONNECT" header) that the client send to squid server.
Below is two Get and Post commands and you can see there is no difference with their total size(%st 3520) in the logs: curl --proxy 48.96.17.25:3128 https://showip.netcurl
--proxy 48.96.17.25:3128 -d'test'
https://showip.net
1482292236.816 1700
48.96.17.25 TCP_TUNNEL/200 3408 112 3520
0 112 CONNECT showip.net:443 - HIER_DIRECT/showip.net:23.253.100.206 -
1482292258.735 1234
48.96.17.25 TCP_TUNNEL/200 3408 112 3520
0 112 CONNECT showip.net:443 - HIER_DIRECT/showip.net:23.253.100.206 -
logformat in squid.conf is:
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs
%<st %>st %st %<sh %>sh %rm %ru %un %Sh/%<A:%<a %mtFor Https, %>st is supposed to be "Total bytes received from client" and %st is supposed to be "Total bytes received from client and sent to client", right? But why they have no change while the client send more data to squid server? Is this a bug? Thanks for all your help!
Regards,
Edwin
On 20 December 2016 at 16:38, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I want to calculate all bytes when a request is sent to squid,
According to squid.conf.documented, you can use the following logformat %codes to get unencrypted HTTP request sizes: > including: > 1. the header length that client will send to squid [http::]>sh Size of request headers received from client > 2. the post content length that send to squid [http::]>st Total size of request received from client. minus [http::]>sh Size of request headers received from client > 3. the response length squid will reply to client [http::]<st Total size of reply sent to client (after adaptation) minus [http::]<sh Size of reply headers sent to client (after adaptation) Please note that you need Squid v3.5.22 or later for many size-related logformat %codes to work reasonably well in some environments. There were many size logging bugs in earlier versions! If some of these %codes do not work in your tests with the latest Squid, please consider filing a but report with an isolated test case illustrating the problem. > I don't need to know the request content, just want to know how many > bytes the client totally send including the post and https bytes, is it > possible to do this? The only way to measure the size of encrypted HTTP message parts is to decrypt that message. Thus, if you want to log HTTPS POST body sizes (as opposed to just the number of encrypted bytes received from the HTTPS client), then you have to tell Squid to decrypt that traffic. In most cases, decryption is not worth the associated headaches if you just want to log sizes. HTH, Alex. |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
