[squid-users] Squid Log
Amos Jeffries
squid3 at treenet.co.nz
Tue Mar 29 01:57:31 UTC 2016
On 29/03/2016 2:53 a.m., Marc Mapplebeck wrote:
> I am currently using squid for our proxy, and recently decided to use
> WPAD/PAC to also capture HTTPS traffic. I am having one very annoying
> issue with lightsquid, and wondering if anybody has any insight.
>
> All my lightsquid information looks like the attached image. It also does
> not consolidate the first part of the domain name(even this would be fine,
> so that I can differentiate HTTPS traffic, as long as subdomains are
> combined)
>
> I have been modifying my lightparser.pl file to consolidate subdomains,
> however, this is only working for HTTP traffic, as all HTTPS sites are
> showing the port number like mail.google.ca:443
That is the correct URL for those requests. And no they are not "HTTPS".
They are tunnels through the proxy to the server and port indicated,
which may or may not have HTTPS inside them.
In fact if that is Google software contacting Google servers it is far
more likely to be SPDY or WebSockets protocol.
> The code I am using is:
> $url =~ s/([a-z]+:\/\/)??.*\.(google\.*)/$2/o;
>
> Has anybody found a way around this or even thought about this? I was
> thinking of telling squid to not include the port, however, it seems to not
> be working. Any other suggestions/thoughts?
I suggest you double-check your regex. That pattern contains several
major mistakes. "??" and "\.*" for starters.
<http://www.regexr.com/>
The pattern for matching "google.*" in the domain is:
s/^([a-z\-\+]+:\/\/)?([^\/?#:]+)?(google\.[^\/?#:]+)/$3/o
Amos
More information about the squid-users
mailing list