On 7/20/19 11:07 AM, leomessi983@xxxxxxxxx wrote: > Why do I see multiple different lines in access.log file? I believe the following wiki page answers that question. Search for the word "log" in the Processing Steps section. https://wiki.squid-cache.org/Features/SslPeekAndSplice > Is every line a separate request? The answer depends what you consider a "request" to be in this context. Please see above URL for logging details. > I used ssl-bump , peek at_step sslbump1 and then based on my ACL,I bump > them or splice them! my squid.conf for log: > logformat squid2 %ts %{%Y %b %d %H:%M:%S}tl %>a %<a %<A %ru %>Hs %<Hs > %ssl::bump_mode > > For example for google.com I see multiple lines in access.log: > 1563634658 2019 Jul 20 19:27:38 40.0.0.40 - - 216.58.208.67:443 200 - splice > 1563634658 2019 Jul 20 19:27:38 40.0.0.40 - - 216.58.208.67:443 200 - splice > 1563634659 2019 Jul 20 19:27:39 40.0.0.40 - - 172.217.18.130:443 200 - splice > 1563634659 2019 Jul 20 19:27:39 40.0.0.40 - - 216.58.208.78:443 200 - splice > 1563634659 2019 Jul 20 19:27:39 40.0.0.40 - - 172.217.18.130:443 200 - splice > > where is https:// google.com in the this log? At step1, Squid cannot see the URLs you expect. And Squid does not see the HTTP request if you tell it to splice during step2. You can try logging %ssl::>sni and %ssl::<cert_subject. See their documentation in squid.conf.documented. To see the HTTP request, Squid has to bump the connection. > If i denied google , access.log shows: If you deny access, Squid bumps the client connection and, if that bumping is successful, receives the HTTP request. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
