On 6/18/19 7:37 AM, Ralf Hildebrandt wrote: > Mon Jun 17 07:28:47 2019 36 10.39.68.232 TCP_DENIED/302 390 CONNECT trx.adscale.de:443 - HIER_NONE/- text/html accessRule=ensiloip - > Now I tried find out why trx.adscale.de is being denied. I'm using squid-5 with annotate_transaction: > acl markensiloip annotate_transaction accessRule=ensiloip > acl ensiloip dst "/etc/squid5/manual-ensilo-ipblocklist.acl" > http_access deny ensiloip markensiloip > So I *DO* know that /etc/squid5/manual-ensilo-ipblocklist.acl must be > the reason for the refusal > How can I log the IP "trx.adscale.de" resolved to when the rejection happened? You can annotate each rule in /etc/squid5/manual-ensilo-ipblocklist.acl in addition to annotating their cumulative result. This is not a direct answer to your question, but the trick works well for some ACL lists. Alternatively, one could enhance Squid to optionally record (and later log) which resolved address was used by "dst" and similar DNS-related ACLs. This will require some non-trivial work, including getting the configuration design right, but I think that "label the address used by this ACL as address Foo" and "log previously labeled address Foo" could be generally useful features. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users