Alex Rousskov rousskov at measurement-factory.com
Sun Jun 24 00:09:50 UTC 2018

On 06/23/2018 04:38 PM, senor wrote:
> Hi all,
> I've noticed that a tunneled 443 request is not logged to access.log
> until the client or server terminates, which can be a long time.

Yes, CONNECT tunnels are logged when the tunnel is over (i.e., Squid is
done talking to the client and server). This log-at-the-end approach is
similar to other transactions (which may also take a very long time).

> Is it possible to get squid to log the CONNECT at tunnel initiation?

It is possible to be notified about CONNECT requests via eCAP and ICAP
interfaces as well as via external ACL helpers.

It is not possible to log the CONNECT request/response before the tunnel
is over. One could, in principle, separate CONNECT request/response
messages from the established tunnel, and log each "phase" of the tunnel
transaction separately, but I am not sure that is a good idea -- it is
not clear to me why a CONNECT tunnel should be treated differently from
any other HTTP transaction where both the client and server may send
request and response body bytes concurrently (and for a long time).

What problem are you trying to solve?
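
The external ACL helper route mentioned above, sketched as an added example (not part of the original message and not Squid project code): a helper that writes a record for each CONNECT when Squid evaluates the ACL, rather than when the tunnel closes. The helper name, log path and the squid.conf wiring in the comments are assumptions.

```python
#!/usr/bin/env python3
# Added example: Squid external ACL helper that records each CONNECT as soon
# as Squid evaluates the ACL, before the tunnel is established.
# Assumed squid.conf wiring (names and paths are hypothetical):
#   external_acl_type connect_seen ttl=0 negative_ttl=0 %SRC %METHOD %DST %PORT /usr/local/bin/connect_seen.py
#   acl connect_seen external connect_seen
#   http_access deny CONNECT !connect_seen   # helper answers OK, so this never denies
import json
import sys
import time
from urllib.parse import unquote

LOG_PATH = "/var/log/squid/connect_start.log"  # hypothetical path


def handle_line(line, now=None):
    """Return (reply, record) for one helper request line.

    record is a dict for CONNECT requests and None otherwise.
    """
    # Squid URL-escapes each field and separates fields with spaces.
    fields = [unquote(f) for f in line.split()]
    channel = ""
    # With concurrency=N, Squid prefixes each line with a numeric channel ID
    # that must be echoed back in the reply.
    if len(fields) == 5 and fields[0].isdigit():
        channel = fields.pop(0) + " "
    if len(fields) != 4:
        return channel + "ERR", None
    src, method, dst, port = fields
    record = None
    if method.upper() == "CONNECT":
        record = {"ts": now if now is not None else time.time(),
                  "event": "connect_start", "src": src, "dst": dst, "port": port}
    return channel + "OK", record


def main():
    with open(LOG_PATH, "a", buffering=1) as log:
        for line in sys.stdin:
            reply, record = handle_line(line)
            if record:
                log.write(json.dumps(record) + "\n")
            # Squid waits for the reply, so flush after every line.
            sys.stdout.write(reply + "\n")
            sys.stdout.flush()


if __name__ == "__main__":
    main()
```

The end-of-tunnel access.log entry is still written as usual; the helper's record only adds a start-of-tunnel timestamp that can be correlated with it by client address and destination.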


