[squid-users] How to tell HTTPS traffic is using cache from access.log in 3.5.x when using ssl_bump
Lei Wen
leiwen14 at gmail.com
Tue Jul 25 22:56:32 UTC 2017
Hi,
I am setting up a transparent proxy that is doing whitelisting and, at the
same time, caching.
The whitelist works fine, and HTTP caching is verified to work because I see
TCP_MEM_HIT using this squid.conf, but I don't see any HTTPS MEM_HIT related
log; every time it seems to be a new connection.
For HTTPS traffic, I am getting TCP_TUNNEL/200 all the time. The question
is, how can I tell that HTTPS traffic is actually using the cache, or, in this
case, that it's not using the cache at all for HTTPS? I am using a
forward-proxy port in cache_peer.
I understand that there is a logformat to make access.log show the hostname
instead of the IP, but this should not affect the MEM_HIT log, right?
Meanwhile, I am also trying to set up a sibling cache cluster; not sure if
this is related to HTTPS caching, but I am also getting TCP_DENIED/403
for squid-internal-dynamic/netdb - HIER_NONE/- text/html. I do see sibling
hits for HTTP sites.
Here is my squid version:
Squid Cache: Version 3.5.25
Service Name: squid
configure options: '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=/lib/squid3' '--srcdir=.'
'--without-libcap' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--enable-inline' '--enable-async-io' '--enable-icmp'
'--enable-useragent-log' '--enable-snmp' '--enable-cache-digests'
'--enable-follow-x-forwarded-for' '--enable-storeio=aufs'
'--enable-removal-policies=heap,lru' '--with-maxfd=16384' '--enable-poll'
'--disable-ident-lookups' '--with-openssl' '--enable-ssl-crtd'
'--with-default-user=proxy' '--with-swapdir=/var/spool/squid3'
'--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
'--enable-linux-netfilter'
And my squid.conf:
# Squid normally listens to port 3128
http_port 3130
http_port 3128 intercept
acl allowed_http_sites dstdomain "/etc/squid3/whitelist.txt"
http_access allow allowed_http_sites
# Intercepted HTTPS; one directive on one line
https_port 3129 cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
# Lets every port-443 request past http_access; the ssl::server_name
# whitelist below is enforced by the ssl_bump rules, not here
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name "/etc/squid3/ssl_sites.txt"
#sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_program /lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
# Step 1: peek at the ClientHello (SNI). Step 2: peek at the server
# certificate for whitelisted names, terminate everything else.
# Step 3: splice whitelisted connections. A spliced connection is relayed
# still encrypted, so Squid never sees the HTTP inside it and cannot cache it.
ssl_bump peek step1 all
ssl_bump peek step2 allowed_https_sites
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate step2 all
acl container_net src 172.18.0.0/24
tcp_outgoing_address 10.0.8.41 container_net
udp_outgoing_address 10.0.8.41 container_net
# http_access is first-match: this allows container_net clients to any
# destination, including ones not listed in whitelist.txt
http_access allow container_net
icp_port 3131
# Accepts ICP queries from any source; normally restricted to the sibling(s)
icp_access allow all
#never_direct allow all
# proxy-only: objects fetched via the sibling are not stored locally
cache_peer 10.0.8.48 sibling 3128 3131 proxy-only
#cache_peer_access 10.0.8.48 allow all
hosts_file /etc/hosts
cache_replacement_policy heap LFUDA
# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /var/spool/squid3 4000 16 256
log_icp_queries off
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3
#refresh_pattern ^https://.*\.raw.githubusercontent\.com/ 120000 100% 43200
refresh_pattern . 12000 90% 43200
# Anything not allowed above is denied here (TCP_DENIED/403 in access.log)
http_access deny all
Thanks,
Lei
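As an added example for this thread (not code from Lei's post or from the Squid project), here is a small Python classifier for access.log lines in Squid's default `squid` logformat. It separates spliced TLS tunnels (a `CONNECT` line with `TCP_TUNNEL/200`, where Squid only relayed ciphertext and never saw an HTTP request it could cache) from bumped HTTPS requests (logged with an `https://` URL and a per-request result code such as `TCP_MEM_HIT` or `TCP_HIT`), plain-HTTP hits and misses, sibling hits (`SIBLING_HIT` hierarchy code) and denied requests. The log lines embedded in it are constructed to look like Squid 3.5 output; they are not real traffic, and the hostnames and addresses in them are placeholders.

```python
"""Classify Squid access.log lines (default 'squid' logformat:
%ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt) so that
cache hits, spliced TLS tunnels, sibling hits and denials can be told apart.

Added example for this thread, not code from the post or from Squid.
SAMPLE_LOG is constructed to look like Squid 3.5 output; it is not real traffic.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# %Ss result codes meaning the body was served from this Squid's own cache.
HIT_CODES = {"TCP_HIT", "TCP_MEM_HIT", "TCP_IMS_HIT", "TCP_NEGATIVE_HIT",
             "TCP_REFRESH_UNMODIFIED", "TCP_OFFLINE_HIT"}


@dataclass
class Entry:
    client: str
    result: str       # Squid result code, e.g. TCP_MEM_HIT, TCP_TUNNEL
    http_status: int
    method: str
    url: str          # "host:port" for CONNECT, a full URL otherwise
    hier: str         # hierarchy code, e.g. HIER_DIRECT, HIER_NONE, SIBLING_HIT
    peer: str         # next hop address, or "-"


def parse_line(line: str) -> Entry:
    """Split one default-format access.log line into its fields."""
    f = line.split()
    if len(f) < 10:
        raise ValueError(f"not a default-format squid log line: {line!r}")
    result, status = f[3].split("/", 1)
    hier, peer = f[8].split("/", 1)
    return Entry(client=f[2], result=result, http_status=int(status),
                 method=f[5], url=f[6], hier=hier, peer=peer)


def classify(e: Entry) -> str:
    """Return one of: tunnel, hit, sibling_hit, denied, miss."""
    result = e.result
    if result.endswith("_ABORTED"):      # client went away early; same class
        result = result[: -len("_ABORTED")]
    if e.method == "CONNECT" or result == "TCP_TUNNEL":
        # Spliced (or never bumped) TLS: Squid relayed ciphertext and never saw
        # the HTTP request inside, so this line can never be a cache hit.
        return "tunnel"
    if result in HIT_CODES:
        return "hit"
    if result == "TCP_DENIED":
        return "denied"
    if e.hier == "SIBLING_HIT":
        # Local miss that a cache_peer sibling answered from its cache.
        return "sibling_hit"
    return "miss"


def scheme_of(e: Entry) -> str:
    """An https:// URL only appears in the log when Squid bumped the connection."""
    if e.method == "CONNECT" or e.url.startswith("https://"):
        return "https"
    return "http"


def summarize(lines: Iterable[str]) -> Counter:
    """Count (scheme, class) pairs over an iterable of access.log lines."""
    counts: Counter = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        e = parse_line(line)
        counts[(scheme_of(e), classify(e))] += 1
    return counts


# Constructed sample shaped like Squid 3.5 access.log; not real traffic.
SAMPLE_LOG = """\
1501023392.123    245 172.18.0.5 TCP_TUNNEL/200 5213 CONNECT example.com:443 - HIER_DIRECT/93.184.216.34 -
1501023393.456     12 172.18.0.5 TCP_MEM_HIT/200 1432 GET http://example.org/index.html - HIER_NONE/- text/html
1501023394.789    310 172.18.0.5 TCP_MISS/200 8821 GET http://example.org/app.js - HIER_DIRECT/93.184.216.34 application/javascript
1501023395.001     40 172.18.0.5 TCP_MISS/200 2040 GET http://example.net/ - SIBLING_HIT/10.0.8.48 text/html
1501023396.222      0 10.0.8.48 TCP_DENIED/403 3560 GET http://10.0.8.41:3128/squid-internal-dynamic/netdb - HIER_NONE/- text/html
1501023397.333     15 172.18.0.5 TCP_HIT/200 9120 GET https://bumped.example/style.css - HIER_NONE/- text/css
"""

if __name__ == "__main__":
    for (scheme, cls), n in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{scheme:5} {cls:12} {n}")
```

Run it against a real file with `summarize(open("/var/log/squid3/access.log"))`. If every `https` row is in the `tunnel` class and none is in `hit` or `miss`, the HTTPS connections were spliced or left unbumped and the cache was never consulted for them; bumped traffic shows up as `https` rows with `hit`/`miss` classes because Squid then logs the individual decrypted requests.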