[squid-users] ICAP: how to get port of X-Client-IP
Alexander Bubnov
alexander.bubnov at bk.ru
Tue Dec 16 08:49:02 UTC 2014
Hello Amos!
Glad to get your answer!
1. I have tried to use %>p specifier for adaptation_meta directive. But it seems does not work that way I used it.
I specified it in squid.conf:
adaptation_meta X-CLIENT-SRCPORT %>p
I found that specifier ony in logformat. May be you mixed it up?
2. About mapping port transparently. How does it help to get (at least) mapped port number in ICAP?
3. I would like to track any software. Especially software which use "User Agent" field not legitimately or event does not fill it at all.
--
/BR, Alexander
Mon, 15 Dec 2014 17:32:34 +1300 от Amos Jeffries <squid3 at treenet.co.nz>:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 13/12/2014 9:09 a.m., Александр Бубнов wrote:
>> I do not need to map it back remotely. I just need to know it. One
>> of my applications collects logs about all connections on a desktop
>> PC and another (ICAP server) collects what that applications sends
>> to the Internet. And to know that traffic belongs to certain
>> application I need to know port of the application on a desktop
>> PC.
>
>You could try using the adaptation_meta directive to add a custom
>header with %>p as the value parameter. I'm not sure if that will send
>a port number though.
> http://www.squid-cache.org/Doc/config/adaptation_meta/
>
>There is near zero reliability that the port number outgoing from the
>client is the same number incoming to Squid. There are numerous
>potential layers of protocol and machinery re-numbering ports
>transparently between any two devices.
>
>
>The name of the client application is supposed to be sent in the
>User-Agent: HTTP header which gets delivered to ICAP already. For most
>legitimate uses of agent-sniffing UA header + IP is sufficient
>information.
>
>Amos
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v2.0.22 (MingW32)
>
>iQEcBAEBAgAGBQJUjmRiAAoJELJo5wb/XPRj9skH/i6rlp7XmNptgfn/VgKtgH+v
>D22idQBsXyTC00LN2UQssz6Hrpk7nvK96dKObtSppJQ8Xtu1NrrPG1uSq1plRgBT
>d5EXRYnAMttTbI5KVDdXW6IsFSjTkL2Hr1m244BEv7SRUBNaa67XPpDjucoIX2kP
>8eIKZrB32jaW3/t2VDIl67iRKOZQh3DZfFqFrU6BgZCrLXjZXU/629+KBVnvNg/A
>TEnYXDBOSRwRVsWuLK/o0bZFI7y6wp0jtRT1ETliUpmdbGKKPSnMWLym2FX5VI+d
>8B1BSzbjEAP+sWex2oKE5Z7+FQ+eSf2tYLvS15fqAHe09hKqpJTMur4cumdkRM0=
>=LgMG
>-----END PGP SIGNATURE-----
>_______________________________________________
>squid-users mailing list
>squid-users at lists.squid-cache.org
>http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141216/0b15bd7f/attachment.html>
More information about the squid-users
mailing list