[squid-users] Squid access.log

Kornexl, Anton Anton.Kornexl at uni-passau.de
Thu Jan 16 21:06:25 UTC 2020


Thank you for this INFO

I use ufdbguard with the line
url_rewrite_program /usr/sbin/sgwrapper_ufdb

I had 
redirect-https "https://www.jug.... in the config file for ufdbguard

Removing https:// from this definition  removed the fake CONNECT https:443 entries

Anton Kornexl

-----Urspr√ľngliche Nachricht-----
Von: squid-users <squid-users-bounces at lists.squid-cache.org> Im Auftrag von Amos Jeffries
Gesendet: Donnerstag, 16. Januar 2020 20:59
An: squid-users at lists.squid-cache.org
Betreff: Re: [squid-users] Squid access.log

On 17/01/20 3:08 am, Alex Rousskov wrote:
> On 1/16/20 3:06 AM, Kornexl, Anton wrote:

>> I see many requests with CONNECT https:443 in my access.log
> 
>> How are these entries triggered?
> 
> These records are logged when your Squid is done with an HTTP CONNECT
> tunnel or after Squid intercepts a TLS connection. In very broad terms,
> they are a sign that your Squid participates in HTTPS transactions.
> Normally, there should be more than "https:443" in those CONNECT records.
> 

This particular "https:443" happens when people use SquidGuard or
similarly broken redirector to tell Squid the *URI* (hostname:443) of a
CONNECT tunnel is a *URL* (https://hostname:443[path])..

If this is your case, fix the redirector or use this:

 uri_rewrite_access deny CONNECT


Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list