[squid-users] Logging ACL that triggered denied access with http_access

Amos Jeffries squid3 at treenet.co.nz
Mon Apr 25 18:36:15 UTC 2016


On 26/04/2016 3:51 a.m., Stephen Borrill wrote:
> Is there a way to log which ACL caused a block with http_access? This
> information is present for deny_info to use, but I cannot see a entry I
> can add to logformat to present such a thing in a custom log format (if
> using an external acl helper, you can spoof something up with the et and
> ea formats).
> 

There is no single ACL which does so. Even if you configure only one ACL
name per access control line in all access controls of squid.conf it is
sequences of ACLs both matching and non-matching (across multiple access
control types) which lead to a particular denial *line* happening.

The deny_info is not logging any single one ACL that did blocking. It is
logging the ACL name to which the deny_info action is attached. Same for
the external_acl_type %ACL parameter displaying the ACL it has been
called on.

Amos



More information about the squid-users mailing list