[squid-users] squid access.log

leomessi983 at yahoo.com leomessi983 at yahoo.com
Mon Apr 20 20:13:45 UTC 2020

 Well in my case for my single web request in first CONNECT log entry, the domain address is IP address of server and URL is IP:PORT of server and in second log entry domain is example.com and URL is example.com:443 .but why? I dont undrestand it, this confuses me !!
I dont bump anything in this requests!If I use ssl::server_name and specify IP address of server to bump https request,  my https://example.com request will be blocked, I dont send requests in the example format of .but they will be blocked while I dont want to.

    On Monday, April 20, 2020, 11:39:23 PM GMT+4:30, Alex Rousskov <rousskov at measurement-factory.com> wrote:  
 On 4/20/20 2:04 PM, leomessi983 at yahoo.com wrote:
> hi
> I have one question.
> why for each https request that squid do peek or bump or splice ,squid
> logs 2 lines?
> one with connect method and one with head method?

... because there are two HTTP[S] requests in those cases, one with the
CONNECT method and one with the HEAD method. There are other cases where
one bumped CONNECT tunnel carries hundreds or even thousands of
GET/HEAD/PUT/POST/CONNECT/etc. requests. And there are also cases where
a bumped CONNECT tunnel carries no requests at all.

In summary, one bumped CONNECT tunnel will (by default) result in one or
more access.log records, starting with the CONNECT record.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200420/a9136de1/attachment-0001.html>

More information about the squid-users mailing list