[squid-users] logformat for requests using PROXY protocol
Chammi Kumarapathirage
chammidhan at gmail.com
Fri Nov 22 03:05:18 UTC 2019
I have my logformat as follows.
logformat jsonformat {"Client Hostname":"%>A","Source IP":"%>a","HTTP Method
":"%rm","HTTP Protocol version":"%rv","Request Domain":"%>rd","Port":"%>rP",
"User Agent":"%{User-Agent}>h","Request Size":"%>st","Reply
Size":"%<st","Response
Time(ms)":"%tr","Status Code":"%>Hs","Request Status":"%Ss","Server FQDN":"
%<A"}
The proxy is sitting behind a load balancer in AWS and Proxy Protocol V2 is
enabled on both the LB and Squid. Everything seems to work fine. I can
create rules based on source IP of the client. However. I want to be able
to create rules based on the hostname of the original client. But it
doesn't seem that Squid sees the original client's hostname. Rather it
takes the hostname of the LB as seen by below log.
{ "Client Hostname": "ip-10-181-3-213.ap-southeast-2.compute.internal", "Source
IP": "10.181.3.10", "HTTP Method": "CONNECT", "HTTP Protocol version": "1.1",
"Request Domain": "clientservices.googleapis.com", "Port": "443", "User
Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36", "Request Size":
"253", "Reply Size": "4138", "Response Time(ms)": "0", "Status Code": "403",
"Request Status": "TCP_DENIED", "Server FQDN": "-" }
On Fri, Nov 15, 2019 at 3:15 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 15/11/19 2:56 pm, chammidhan wrote:
> > I have configured a Squid ECS cluster behind a network load balancer in
> AWS.
> > To reflect the original client IP, I needed to enable PROXY Protocol V2
> on
> > the load balancer. The service itself is working fine and I can create
> rules
> > based on the original client IP and these are applied as expected.
> However,
> > it doesn't seem that logformat format codes are working as expected. No
> > matter how I format the logs, I'm always seeing the logs in the same
> format.
> > Which looks like below.
> >
> > 1573771498.693 240116 10.181.3.10 TCP_TUNNEL/200 1742 CONNECT
> > id.google.com:443 - HIER_DIRECT/172.217.167.67 -
> >
> > My logformat directive is the default
> > logformat squid %{%Y/%m/%d-%H:%M:%S}tl %>A/%>a %un %rm/%rv %ru %mt
> > %{User-Agent}>h %>st/%<st %tr %>Hs %Ss %Sh/%<A
> >
> > Appreciate any insight to what I may be doing wrong. Things were working
> > fine before enabling PROXY protocol on the NLB
> >
>
> Please run "squid -k parse" on your config and fix the errors and
> warnings it produces.
>
> "
> 2019/11/15 18:11:50| Processing: logformat squid %{%Y/%m/%d-...
> 2019/11/15 18:11:50| ERROR: logformat squid is already defined. Ignoring.
> "
>
> To use a custom log format you need a custom name.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20191122/e97c68ce/attachment-0001.html>
More information about the squid-users
mailing list