[squid-users] extract http headers from CONNECT / bumped ssl?
Alex Rousskov
rousskov at measurement-factory.com
Fri Aug 25 03:37:25 UTC 2017
On 08/24/2017 06:31 PM, Aaron Turner wrote:
> Actually, looks like I was misunderstanding the access.log, it was working:
>
> 1503620688.280 0 10.93.3.85 TAG_NONE/200 0 CONNECT synfin.net:443
> - HIER_NONE/- - ip_index=0,client=-
> 1503620689.241 947 10.93.3.85 TCP_MISS/200 57810 GET
> https://synfin.net/sock_stream/ - HIER_DIRECT/45.79.73.39 text/html
> ip_index=2,client=foobar1
>
> I didn't initially understand that each CONNECT then generates a
> second entry.
Each bumped CONNECT tunnel generates one or two CONNECT entries
(depending on the configuration) followed by zero or more HTTP requests
found inside the decrypted tunnel.
>>> external_acl_type client_ip_map_0 %>{My-Custom-Client-Id}
>>> /usr/lib64/squid/user_loadbalance.py 0 4
>> That is not your actual external_acl_type line, I hope. The %>h part
>> looks malformed.
> Really? Works and seems to match the instructions indicating "%>{Header}"
If some instructions imply that omitting "h" from "%>h" is a good idea,
then I do not recommend following them, even if omiting "h" works.
The {header-field-name} parameter is fine. It is the missing "h" that I
would worry about.
Alex.
More information about the squid-users
mailing list