[squid-users] Help: How to calculate all bytes when communicate with client for a request

wei edwin.zhou at hotmail.com
Wed Dec 21 04:09:37 UTC 2016 

Hi Alex,


Many thanks for your reply and sorry for the misleading. In fact I just want to log the number of encrypted bytes received from the HTTPS client, not the decrypted HTTPS body sizes. Do you know how to do this?


I also build squid 3.5.23 with default parameter, and seems squid log still ignore the encrypted bytes(except "CONNECT" header) that the client send to squid server.


Below is two Get and Post commands and you can see there is no difference with their total size(%st 3520) in the logs:

curl --proxy 48.96.17.25:3128  https://showip.net
curl --proxy 48.96.17.25:3128 -d'test' https://showip.net

1482292236.816   1700 48.96.17.25 TCP_TUNNEL/200 3408 112 3520 0 112 CONNECT showip.net:443 - HIER_DIRECT/showip.net:23.253.100.206 -
1482292258.735   1234 48.96.17.25 TCP_TUNNEL/200 3408 112 3520 0 112 CONNECT showip.net:443 - HIER_DIRECT/showip.net:23.253.100.206 -

logformat in squid.conf is:
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %>st %st %<sh %>sh %rm %ru %un %Sh/%<A:%<a %mt

For Https, %>st is supposed to be "Total bytes received from client" and %st is supposed to be "Total bytes received from client and sent to client", right? But why they have no change while the client send more data to squid server? Is this a bug?

Thanks for all your help!

Regards,
Edwin

________________________________
On 20 December 2016 at 16:38, Alex Rousskov <rousskov at measurement-factory.com> wrote:

> I want to calculate all bytes when a request is sent to squid,

According to squid.conf.documented, you can use the following logformat
%codes to get unencrypted HTTP request sizes:


> including:

>  1. the header length that client will send to squid

[http::]>sh     Size of request headers received from client


>  2. the post content length that send to squid

[http::]>st     Total size of request received from client.

minus

[http::]>sh     Size of request headers received from client


>  3. the response length squid will reply to client


[http::]<st     Total size of reply sent to client (after adaptation)

minus

[http::]<sh     Size of reply headers sent to client (after adaptation)


Please note that you need Squid v3.5.22 or later for many size-related
logformat %codes to work reasonably well in some environments. There
were many size logging bugs in earlier versions!

If some of these %codes do not work in your tests with the latest Squid,
please consider filing a but report with an isolated test case
illustrating the problem.


> I don't need to know the request content, just want to know how many
> bytes the client totally send including the post and https bytes, is it
> possible to do this?

The only way to measure the size of encrypted HTTP message parts is to
decrypt that message. Thus, if you want to log HTTPS POST body sizes (as
opposed to just the number of encrypted bytes received from the HTTPS
client), then you have to tell Squid to decrypt that traffic. In most
cases, decryption is not worth the associated headaches if you just want
to log sizes.


HTH,

Alex.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161221/266d9413/attachment-0001.html>

More information about the squid-users mailing list