<div dir="auto"><div>Dear Amos,</div><div dir="auto"><br></div><div dir="auto">Can you please elaborate, I didnt understand. If possible can you explain with one example ? I mean behaviour of security and privacy flaws when </div><div dir="auto"><span style="font-family:sans-serif">strip_query_terms is on and when </span><span style="font-family:sans-serif">strip_query_terms is off.</span><br></div><div dir="auto"><span style="font-family:sans-serif"><br></span></div><div dir="auto">- Akshay<br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Sat, May 2, 2020, 1:03 AM Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2/05/20 4:43 am, Akshay Hegde wrote:<br>
> Dear Alex,<br>
> <br>
> Thanks a lot, I started installing new squid on centos8 as you suggested.<br>
> <br>
> I got one more doubt its about logging.<br>
> <br>
> I have below option globally, which I don't want to make "off"<br>
> strip_query_terms on<br>
> <br>
> and my ACL as follows:<br>
> logformat squid_custom %ts.%03tu %6tr %>a %Ss/%>Hs %<st %rm %ru %un<br>
> %Sh/%<A %mt<br>
> acl track dstdomain "/etc/squid/sites_track.txt"<br>
> access_log /var/log/squid/full_site_links.log squid_custom track<br>
> <br>
> however for specific ACL I would like to log full URL with query<br>
> parameters, how this can be done ?<br>
> <br>
<br>
If you are upgrading to a Squid with annotation support you can use an<br>
external ACL helper to do the URL mangling you want for a custom log<br>
%note column.<br>
Otherwise there is only that global on/off setting.<br>
<br>
<br>
NP: stripping query-string is a very weak workaround for<br>
security+privacy flaws. Any details hidden are being published elsewhere<br>
anyway. All it does is prevent local detection of important information<br>
leaks.<br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" rel="noreferrer">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div></div></div>