>From my log: ============ Mon Jun 17 07:28:47 2019 36 10.39.68.232 TCP_DENIED/302 390 CONNECT trx.adscale.de:443 - HIER_NONE/- text/html accessRule=ensiloip - Now I tried find out why trx.adscale.de is being denied. I'm using squid-5 with annotate_transaction: acl markensiloip annotate_transaction accessRule=ensiloip acl ensiloip dst "/etc/squid5/manual-ensilo-ipblocklist.acl" http_access deny ensiloip markensiloip So I *DO* know that /etc/squid5/manual-ensilo-ipblocklist.acl must be the reason for the refusal -- so I resolved trx.adscale.de and got: # host trx.adscale.de trx.adscale.de is an alias for san.adscale.de.edgekey.net. san.adscale.de.edgekey.net is an alias for e9040.g.akamaiedge.net. e9040.g.akamaiedge.net has address 95.100.198.56 So a CDN is being used. And alas: # fgrep -c 95.100.198.56 /etc/squid5/manual-ensilo-ipblocklist.acl 0 # fgrep -c 95.100.198 /etc/squid5/manual-ensilo-ipblocklist.acl 0 # fgrep -c 95.100 /etc/squid5/manual-ensilo-ipblocklist.acl 0 So, I guss the IP must have change between to time "trx.adscale.de" was blocked and now. How can I log the IP "trx.adscale.de" resolved to when the rejection happened? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebrandt@xxxxxxxxxx Campus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
