[squid-users] Get IP of denied request
magri at web.de
magri at web.de
Thu Oct 26 12:37:43 UTC 2023
Hi list,
TL;DR: is there a way to get/log the resolved ip of a denied request?
We have a rather large ip based malware blacklist (dst acl) and
sometimes a destination is blocked inadvertantly because of a false
positive entry in this list.
This happens most often with CDNs where the ips of a destination change
often and even move between different sites.
Because of this rapid change it's difficult to determine the blocked ip
in hindsight when analyzing access problems and makes it impossible to
correct the blacklist.
For normal requests the resolved and accessed ip is be logged with %<a,
but that doesn't happen when the request is denied.
Is there any way to get the ip logged that was used in the dst-acl aside
from debug logging? Maybe through some annotation mechanism?
Squid version is 6.2, as 6.4 crashes with assertion errors here, too.
thanks,
Martin
More information about the squid-users
mailing list