[squid-users] Log resolved IP somehow?
Alex Rousskov
rousskov at measurement-factory.com
Thu Jun 20 21:07:36 UTC 2019
On 6/18/19 7:37 AM, Ralf Hildebrandt wrote:
> Mon Jun 17 07:28:47 2019 36 10.39.68.232 TCP_DENIED/302 390 CONNECT trx.adscale.de:443 - HIER_NONE/- text/html accessRule=ensiloip -
> Now I tried find out why trx.adscale.de is being denied. I'm using squid-5 with annotate_transaction:
> acl markensiloip annotate_transaction accessRule=ensiloip
> acl ensiloip dst "/etc/squid5/manual-ensilo-ipblocklist.acl"
> http_access deny ensiloip markensiloip
> So I *DO* know that /etc/squid5/manual-ensilo-ipblocklist.acl must be
> the reason for the refusal
> How can I log the IP "trx.adscale.de" resolved to when the rejection happened?
You can annotate each rule in /etc/squid5/manual-ensilo-ipblocklist.acl
in addition to annotating their cumulative result. This is not a direct
answer to your question, but the trick works well for some ACL lists.
Alternatively, one could enhance Squid to optionally record (and later
log) which resolved address was used by "dst" and similar DNS-related
ACLs. This will require some non-trivial work, including getting the
configuration design right, but I think that "label the address used by
this ACL as address Foo" and "log previously labeled address Foo" could
be generally useful features.
HTH,
Alex.
More information about the squid-users
mailing list