[squid-users] squid logging disable based on ACL & kernel: Out of memory
Akshay Hegde
akshay.k.hegde at gmail.com
Sat May 2 12:58:29 UTC 2020
Dear Amos,
Can you please elaborate, I didnt understand. If possible can you explain
with one example ? I mean behaviour of security and privacy flaws when
strip_query_terms is on and when strip_query_terms is off.
- Akshay
On Sat, May 2, 2020, 1:03 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 2/05/20 4:43 am, Akshay Hegde wrote:
> > Dear Alex,
> >
> > Thanks a lot, I started installing new squid on centos8 as you suggested.
> >
> > I got one more doubt its about logging.
> >
> > I have below option globally, which I don't want to make "off"
> > strip_query_terms on
> >
> > and my ACL as follows:
> > logformat squid_custom %ts.%03tu %6tr %>a %Ss/%>Hs %<st %rm %ru %un
> > %Sh/%<A %mt
> > acl track dstdomain "/etc/squid/sites_track.txt"
> > access_log /var/log/squid/full_site_links.log squid_custom track
> >
> > however for specific ACL I would like to log full URL with query
> > parameters, how this can be done ?
> >
>
> If you are upgrading to a Squid with annotation support you can use an
> external ACL helper to do the URL mangling you want for a custom log
> %note column.
> Otherwise there is only that global on/off setting.
>
>
> NP: stripping query-string is a very weak workaround for
> security+privacy flaws. Any details hidden are being published elsewhere
> anyway. All it does is prevent local detection of important information
> leaks.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200502/1c67b6f5/attachment.html>
More information about the squid-users
mailing list