[squid-users] Understand GOOGLEVIDEO Url from access.log
Bjoern Meier
bjoern.meier at gmail.com
Tue May 10 09:29:25 UTC 2016
hi,
1.
Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> schrieb am Di., 10. Mai 2016
um 11:26 Uhr:
> * Bjoern Meier <bjoern.meier at gmail.com>:
> > hi,
> >
> > Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> schrieb am Di., 10. Mai
> 2016
> > um 11:10 Uhr:
> >
> > > * alesironi <alesironi at yahoo.it>:
> > >
> > > > The problem is that on Squid log file (ACCESS.LOG) the URL I see is
> > > similar
> > > > to this:
> > > >
> > > > r10---sn-4g57knd7.googlevideo.com:443
> > >
> > > 443 = https = encrypted
> > >
> > > meaning: You cannot know.
> >
> >
> > Wait. Since when track Squid data? Squid only track connections in the
> > access.log (that's why it is called access.log).
> > So, it is not importent if the data is encrypted, the connection data
> can't
> > be encrypted.
>
> With HTTPS, all you see is CONNECT requests and target hosts:
>
> 1462872328.675 059737 10.x.x.x TCP_TUNNEL/200 2987 CONNECT
> www.adsensecustomsearchads.com:443 - HIER_DIRECT/216.58.213.238 - 31123
> 1462872362.553 058061 141.42.x.x TCP_TUNNEL/200 752 CONNECT
> www.google-analytics.com:443 - HIER_DIRECT/216.58.213.238 - 34542
>
So? I can see the CONNECT URL as I mentioned. So he can see the URL.
As I read: "The problem is that on Squid log file (ACCESS.LOG) the URL I
see is"
He will understand the URL and those can he see.
Greetings,
Björn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160510/cbabd507/attachment.html>
More information about the squid-users
mailing list