[squid-users] grove.microsoft.com

Michael Pelletier michael.pelletier at palmbeachschools.org
Fri Apr 15 23:13:34 UTC 2016


Hello,
Below is the message that I retrieve from logstash. We use logstash as our
logging system. Now, I do add tags to log messages in logstash. I believe
the %st is my size, right?

Apr 14 01:31:13 Proxy-SI-1 (squid-2): Proxy-SI-1 1460611873.853 0 2
10.88.14.225 TCP_DENIED_ABORTED 301 2147480505 535 2147479970 POST 1.0
text/html - - - - 3128 - [Mozilla/4.0 (compatible; MSIE 5.5; Win32)] [-]
sq_err:[301 Access Denied] c_hdr:[Accept: */*\r\nContent-Type:
application/octet-stream\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.5;
Win32)\r\nUserAgent: blugro3relay.groove.microsoft.com\r\nContent-Length:
2147479552\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires:
0\r\nCache-Control: max-age=0\r\n] s_hdr:[HTTP/1.1 301 Moved
Permanently\r\nServer: squid/3.4.13\r\nMime-Version: 1.0\r\nDate: Thu, 14
Apr 2016 05:31:13 GMT\r\nContent-Type: text/html\r\nContent-Length:
0\r\nLocation:
http://blockmessage.palmbeach.k12.fl.us/block_message.php?clientaddr=10.88.14.225&clientname=-&clientuser=-&clientgroup=SDPBC-Network&targetgroup=Blacklist&url=HTTP://blugro3relay.groove.microsoft.com\r\nX-Squid-Error:
301 Access Denied\r\n\r]

Here is the custom syslog from the config
logformat custom Proxy-SI-1 %ts.%tu %dt %tr %>a %Ss %03Hs %st %<st %>st %rm
%rv %mt %[un %<A %<a %<p %>lp %{Referer}>h [%{User-Agent}>h\
] [%{Host}>h] sq_err:[%{X-Squid-Error}<h] c_hdr:[%>h] s_hdr:[%<h]


On Fri, Apr 15, 2016 at 12:57 AM, Jason Haar <jason_haar at trimble.com> wrote:

> If you are blocking it, then it can't be uploading 2G? How are you
> measuring that it uploads 2G? Did you change squid's logging to support
> that (it doesn't log upload sizes - only download sizes by default). Are
> you simply referring to the Content-Length header - as that would say 2G -
> even if the upload is then blocked.
>
> On Fri, Apr 15, 2016 at 4:04 PM, Michael Pelletier <
> michael.pelletier at palmbeachschools.org> wrote:
>
>> I am blocking grove.microsoft.com. Even though I am blocking it, I am
>> seeing large, 2 Gig, uploads from the client to the proxy (which indeed
>> blocks it). It is almost like the connection request (explicit) contains
>> the 2 gig post request. Why is this happening? Has anyone seen this?
>>
>>
>> Michael
>>
>> *Disclaimer: *Under Florida law, e-mail addresses are public records. If
>> you do not want your e-mail address released in response to a public
>> records request, do not send electronic mail to this entity. Instead,
>> contact this office by phone or in writing.
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>

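The three size fields in the logformat above can be cross-checked against each other and against the client's Content-Length header. The following is an added example, not part of the original thread: it assumes Squid's documented meanings of %st (request plus reply bytes), %<st (reply bytes sent, headers included) and %>st (request bytes received, headers included), and the function and key names are illustrative.

```python
import re

# Log line quoted in the message above, unwrapped; the s_hdr:[...] tail is omitted.
LINE = (
    r"Apr 14 01:31:13 Proxy-SI-1 (squid-2): Proxy-SI-1 1460611873.853 0 2 "
    r"10.88.14.225 TCP_DENIED_ABORTED 301 2147480505 535 2147479970 POST 1.0 "
    r"text/html - - - - 3128 - [Mozilla/4.0 (compatible; MSIE 5.5; Win32)] [-] "
    r"sq_err:[301 Access Denied] c_hdr:[Accept: */*\r\nContent-Type: "
    r"application/octet-stream\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.5; "
    r"Win32)\r\nUserAgent: blugro3relay.groove.microsoft.com\r\nContent-Length: "
    r"2147479552\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: "
    r"0\r\nCache-Control: max-age=0\r\n]"
)

# Leading logformat fields: %ts.%tu %dt %tr %>a %Ss %03Hs %st %<st %>st %rm
FIELDS = re.compile(
    r"(?P<ts>\d+\.\d+) (?P<dt>\S+) (?P<tr>\S+) (?P<client>\S+) "
    r"(?P<status>[A-Z_]+) (?P<code>\d{3}) "
    r"(?P<st>\d+) (?P<reply_st>\d+) (?P<request_st>\d+) (?P<method>\S+) "
)


def analyse(line):
    """Return the size fields of one log line plus consistency checks, or None."""
    m = FIELDS.search(line)
    if m is None:
        return None
    rec = {k: int(m[k]) for k in ("st", "reply_st", "request_st")}
    rec["status"], rec["method"] = m["status"], m["method"]
    # Client headers only: cut at s_hdr so the reply's Content-Length is ignored.
    c_hdr = line.partition("c_hdr:[")[2].partition(" s_hdr:[")[0]
    cl = re.search(r"Content-Length: *(\d+)", c_hdr, re.I)
    declared = rec["declared_body"] = int(cl.group(1)) if cl else None
    # %st is the sum of both directions, so it must equal %<st + %>st.
    rec["sizes_consistent"] = rec["st"] == rec["reply_st"] + rec["request_st"]
    # Logged request bytes beyond the declared body: request line and headers.
    rec["non_body_bytes"] = None if declared is None else rec["request_st"] - declared
    # Denied request for which the log still reports the whole body as received.
    rec["denied_with_full_body"] = bool(
        rec["status"].startswith("TCP_DENIED")
        and declared and rec["request_st"] >= declared
    )
    return rec


if __name__ == "__main__":
    for key, value in analyse(LINE).items():
        print(f"{key:22} {value}")
```

For the line in the message, %st equals %<st plus %>st, and %>st exceeds the Content-Length the client declared by 418 bytes.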