[squid-users] Logs from traffic that don't belong to either whitelist or blacklist
Amos Jeffries
squid3 at treenet.co.nz
Thu May 25 09:25:05 UTC 2017
On 25/05/17 19:51, Miguel Barbero wrote:
> Good morning,
>
> We have a special requirement and we are not sure whether it's
> possible to accomplish.
>
> We have defined a whitelist and a blacklist on our Squid. Its
> behaviour is as usual and how it could expect.
>
> All the traffic less blacklist is passed however we are interested to
> get an alert about the passed traffic that don't belong neither
> whitelist or blacklist.
>
> Is there any way to get this?
It is. I would configure it like this:
acl blacklist ...
http_access deny blocklist
acl whitelist ...
http_access allow whitelist
external_acl_type notify %% /path/to/notify_script
acl notify external notify
http_access allow notify
http_access deny all
Where the notify_script is a helper that sends your notification however
you want and returns "OK" to Squid.
Cheers
Amos
More information about the squid-users
mailing list