[squid-users] Log resolved IP somehow?
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Tue Jun 18 13:37:46 UTC 2019
>From my log:
============
Mon Jun 17 07:28:47 2019 36 10.39.68.232 TCP_DENIED/302 390 CONNECT trx.adscale.de:443 - HIER_NONE/- text/html accessRule=ensiloip -
Now I tried find out why trx.adscale.de is being denied. I'm using squid-5 with annotate_transaction:
acl markensiloip annotate_transaction accessRule=ensiloip
acl ensiloip dst "/etc/squid5/manual-ensilo-ipblocklist.acl"
http_access deny ensiloip markensiloip
So I *DO* know that /etc/squid5/manual-ensilo-ipblocklist.acl must be
the reason for the refusal -- so I resolved trx.adscale.de and got:
# host trx.adscale.de
trx.adscale.de is an alias for san.adscale.de.edgekey.net.
san.adscale.de.edgekey.net is an alias for e9040.g.akamaiedge.net.
e9040.g.akamaiedge.net has address 95.100.198.56
So a CDN is being used. And alas:
# fgrep -c 95.100.198.56 /etc/squid5/manual-ensilo-ipblocklist.acl
0
# fgrep -c 95.100.198 /etc/squid5/manual-ensilo-ipblocklist.acl
0
# fgrep -c 95.100 /etc/squid5/manual-ensilo-ipblocklist.acl
0
So, I guss the IP must have change between to time "trx.adscale.de" was
blocked and now.
How can I log the IP "trx.adscale.de" resolved to when the rejection happened?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebrandt at charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
More information about the squid-users
mailing list