On 26.07.18 15:15, Ralf Hildebrandt wrote:
> Before destroying our Squid proxy with an ACL, I'd like to LOG ACL hits
> instead of using "http_access deny" straight away:
> --- nsip ---
> acl markURLhaus annotate_transaction accessRule=URLhaus
> acl URLhaus url_regex "/etc/squid5/generated-urlhaus.acl"
> http_access deny URLhaus markURLhaus
> --- nsip ---
> How?

you can configure an ACL and only define it in access_log directive.
separate log file would be preferred for this.
there's also "note" directive that allows you to log notes for requests
matching ACL. http://www.squid-cache.org/Doc/config/note/

> Underlying problem: https://urlhaus.abuse.ch/ is offering
> a plain-text URL list here https://urlhaus.abuse.ch/downloads/text/
> But in squid I must use "url_regex" - meaning I'll have to escape the
> likes of .^$*+?()[{\|

the main problem is that HTTPS URL is only known when you do SSL
deciphering, which may happen:
- in reverse proxy scenario (using squid for ssl offloading)
- when you use SSL bumping (which is quite complicated to implement).

also note that url_regex ACLs are quite CPU hungry.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
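
The escaping step discussed in this thread, as an added example (not code from either poster or from the Squid project): a Python filter that turns plain-text URL lines into literal url_regex patterns, escaping exactly the metacharacters listed in the question, and counts the https:// entries that, per the reply, can only match when Squid sees the decrypted request. The sample input is constructed; the `^` anchor, the de-duplication and the skipping of `#` comment lines are assumptions of this example.

```python
import re
import sys

# Exactly the metacharacters named in the thread: . ^ $ * + ? ( ) [ { \ |
_META = re.compile(r'[.^$*+?()\[{\\|]')

# Constructed sample in a one-URL-per-line layout; '#' lines are treated
# as comments (assumption about the list format).
SAMPLE = """\
# constructed sample, not real list data
http://malware.example/gate.php?id=1
https://cdn.example/a+b/(1).exe

http://malware.example/gate.php?id=1
"""


def escape_url(url):
    """Backslash-escape regex metacharacters so the URL matches literally."""
    return _META.sub(lambda m: "\\" + m.group(0), url)


def convert(lines):
    """Return (patterns, https_count) for an iterable of URL list lines.

    Each pattern is anchored with '^' (a choice made here) so it cannot
    match in the middle of some other URL. Duplicates are dropped.
    """
    patterns, seen, https_count = [], set(), 0
    for raw in lines:
        url = raw.strip()
        if not url or url.startswith("#"):  # blank or comment line
            continue
        if url in seen:
            continue
        seen.add(url)
        if url.lower().startswith("https://"):
            https_count += 1  # needs a decrypted request to ever match
        patterns.append("^" + escape_url(url))
    return patterns, https_count


if __name__ == "__main__":
    # With a file argument, convert that file; otherwise use the sample.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    pats, n_https = convert(src)
    print("\n".join(pats))
    print(f"{n_https} of {len(pats)} entries are https://", file=sys.stderr)
```
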