[squid-users] A logging only ACL?
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Jul 26 13:29:51 UTC 2018
On 26.07.18 15:15, Ralf Hildebrandt wrote:
>Before destroying our Squid proxy with an ACL, I'd like to LOG ACL hits
>instead of using "http_access deny" straight away:
>
>--- nsip ---
>acl markURLhaus annotate_transaction accessRule=URLhaus
>acl URLhaus url_regex "/etc/squid5/generated-urlhaus.acl"
>http_access deny URLhaus markURLhaus
>--- nsip ---
>
>How?
you can configure an ACL and only define it in access_log directive.
separate log file would be preferred for this.
there's also "note" directive that allows you log notes for requests
matching ACL. http://www.squid-cache.org/Doc/config/note/
>Underlying problem: https://urlhaus.abuse.ch/ is offering
>a plain-text URL list here https://urlhaus.abuse.ch/downloads/text/
>
>But in squid I must used "url_regex" - meaning I'll have to escape the
>likes of .^$*+?()[{\|
the main problem is that HTTPS URL is only known when you do SSL
deciphering, which may happen:
- in reverse proxy scenario (using squid for ssl offloading)
- when you use SSL bumping (which is quote complicated to implement).
also note that url_regex ACLs are quite CPU hungry.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
More information about the squid-users
mailing list