Search squid archive

Re: extract http headers from CONNECT / bumped ssl?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 25/08/17 15:37, Alex Rousskov wrote:
On 08/24/2017 06:31 PM, Aaron Turner wrote:

Actually, looks like I was misunderstanding the access.log, it was working:

1503620688.280      0 10.93.3.85 TAG_NONE/200 0 CONNECT synfin.net:443
- HIER_NONE/- - ip_index=0,client=-
1503620689.241    947 10.93.3.85 TCP_MISS/200 57810 GET
https://synfin.net/sock_stream/ - HIER_DIRECT/45.79.73.39 text/html
ip_index=2,client=foobar1

I didn't initially understand that each CONNECT then generates a
second entry.

Each bumped CONNECT tunnel generates one or two CONNECT entries
(depending on the configuration) followed by zero or more HTTP requests
found inside the decrypted tunnel.


external_acl_type client_ip_map_0 %>{My-Custom-Client-Id}
/usr/lib64/squid/user_loadbalance.py 0 4

That is not your actual external_acl_type line, I hope. The %>h part
looks malformed.

Really?  Works and seems to match the instructions indicating "%>{Header}"

If some instructions imply that omitting "h" from "%>h" is a good idea,
then I do not recommend following them, even if omiting "h" works.

The {header-field-name} parameter is fine. It is the missing "h" that I
would worry about.


FWIW: The non-h forms are only accepted by current Squid-3 for backward compatibility and should be producing a high level WARNING on use. That has been removed with Squid-4. (thanks for the reminder I'm going to have to mention that in the release notes).


Please run "squid -k parse" and fix any config problems it highlights. This command should be used after upgrades and when editing the config to make sure it will actually do what you want in production.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux