Search squid archive

Re: Squid access.log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you for this INFO

I use ufdbguard with the line
url_rewrite_program /usr/sbin/sgwrapper_ufdb

I had 
redirect-https "https://www.jug.... in the config file for ufdbguard

Removing https:// from this definition  removed the fake CONNECT https:443 entries

Anton Kornexl

-----Ursprüngliche Nachricht-----
Von: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> Im Auftrag von Amos Jeffries
Gesendet: Donnerstag, 16. Januar 2020 20:59
An: squid-users@xxxxxxxxxxxxxxxxxxxxx
Betreff: Re:  Squid access.log

On 17/01/20 3:08 am, Alex Rousskov wrote:
> On 1/16/20 3:06 AM, Kornexl, Anton wrote:

>> I see many requests with CONNECT https:443 in my access.log
> 
>> How are these entries triggered?
> 
> These records are logged when your Squid is done with an HTTP CONNECT
> tunnel or after Squid intercepts a TLS connection. In very broad terms,
> they are a sign that your Squid participates in HTTPS transactions.
> Normally, there should be more than "https:443" in those CONNECT records.
> 

This particular "https:443" happens when people use SquidGuard or
similarly broken redirector to tell Squid the *URI* (hostname:443) of a
CONNECT tunnel is a *URL* (https://hostname:443[path])..

If this is your case, fix the redirector or use this:

 uri_rewrite_access deny CONNECT


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux