[squid-users] Understand GOOGLEVIDEO Url from access.log

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue May 10 12:17:23 UTC 2016

>> * alesironi <alesironi at yahoo.it>:
>> > The problem is that on Squid log file (ACCESS.LOG) the URL I see is
>> > similar to this:
>> >
>> > r10---sn-4g57knd7.googlevideo.com:443

>Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> schrieb am Di., 10. Mai 2016
>um 11:10 Uhr:
>> 443 = https = encrypted
>> meaning: You cannot know.

On 10.05.16 09:16, Bjoern Meier wrote:
>Wait. Since when track Squid  data?  Squid only track connections in the
>access.log (that's why it is called access.log).
>So, it is not importent if the data is encrypted, the connection data can't
>be encrypted.

how did you get this?
The data _are_ encrypted. SQUID only sees host:port, nothing more.

>Why shouldn't he see the URL in the access.log?

because the URL is encrypted in the stream.

the "s" in https stands for "secure", which means encrypted and
authenticated (at least with working certs).

That means, the data are encrypted between browser and remote (youtube) server
so the others only see which host and port the connection goes to, but no
details like the URL.

Once again, browser and server know the URL, but nobody between.

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95

More information about the squid-users mailing list