[squid-users] Logs from traffic that don't belong to either whitelist or blacklist

Amos Jeffries squid3 at treenet.co.nz
Thu May 25 09:25:05 UTC 2017


On 25/05/17 19:51, Miguel Barbero wrote:
> Good morning,
>
> We have a special requirement and we are not sure whether it's 
> possible to accomplish.
>
> We have defined a whitelist and a blacklist on our Squid. Its 
> behaviour is as usual and how it could expect.
>
> All the traffic less blacklist is passed however we are interested to 
> get an alert about the passed traffic that don't belong neither 
> whitelist or blacklist.
>
> Is there any way to get this?

It is. I would configure it like this:


acl blacklist ...
http_access deny blocklist

acl whitelist ...
http_access allow whitelist

external_acl_type notify %% /path/to/notify_script
acl notify external notify

http_access allow notify
http_access deny all

Where the notify_script is a helper that sends your notification however 
you want and returns "OK" to Squid.


Cheers
Amos



More information about the squid-users mailing list