[squid-users] Peek and Splice - Termination Log

Alex Rousskov rousskov at measurement-factory.com
Mon Sep 25 14:11:57 UTC 2017


On 09/22/2017 09:27 AM, Eric Lackey wrote:

> This is all working well except for the fact that we don’t have a
> good way to determine what is being blocked.

All transactions, including blocked ones, must be logged to access.log.
Squid had several bugs in this area. All known bugs (within this
discussion scope) should be fixed in the latest v5. I am not sure about
the latest v3, but I do see at least some of the fixes in v4. For
example:
https://github.com/squid-cache/squid/commit/da6dbcd110f7603f6d4cd9b3eef749311293fe77

Going forward:

* If something is not logged in the latest v3, then please consider
upgrading to v4. Filing a bug report in Bugzilla (see below) for v3
might motivate somebody to backport the fixes, but if the bug is fixed
in v4, then upgrading may be an overall better option, especially if you
use SslBump.

* If something is not logged in the latest v4 or v5, then please
consider filing a bug report in Bugzilla. Attaching an ALL,9 cache.log
while reproducing the issue using a single transaction on an otherwise
idle Squid will help developers triage your bug report.


Thank you,

Alex.
P.S. You do not need the "step3" ACL in the configuration below.

> acl allowed_https_sites ssl::server_name_regex "/etc/squid/allowed_sites"
> 
> ssl_bump peek all
> ssl_bump splice allowed_https_sites
> ssl_bump terminate step3 all


More information about the squid-users mailing list