[squid-users] log_referrer question

Alex Rousskov rousskov at measurement-factory.com
Tue May 21 19:57:59 UTC 2024 

On 2024-05-21 14:47, Bobby Matznick wrote:
> To add and maybe clarify what my confusion is, the log entries below 
> (hidden internal/external IP’s, domain and username) don’t seem to show 
> what I expected, a line marked “referrer”. Am I misunderstanding how 
> that should show up in the log?

Kind of: HTTP CONNECT requests normally do not have Referer headers. 
These requests establish a TCP tunnel to an origin server through Squid. 
The "real" requests to origin server are inside that tunnel.

In some cases, it is possible to configure the client and Squid in such 
a way that Squid can look inside that tunnel and find "real" requests, 
but doing so well requires a lot of effort, including becoming a 
Certificate Authority and configuring client to trust certificates 
produced by that Certificate Authority. You can search for SslBump to 
get more information, but the area is full of insurmountable 
difficulties and misleading advice. Avoid it if at all possible.


HTH,

Alex.


> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 21 May 2024 17:50:49 +0000
> From: Bobby Matznick <bmatznick at pbandt.bank <mailto:bmatznick at pbandt.bank>>
> To: "squid-users at lists.squid-cache.org 
> <mailto:squid-users at lists.squid-cache.org>"
> <squid-users at lists.squid-cache.org 
> <mailto:squid-users at lists.squid-cache.org>>
> Subject: [squid-users] log_referrer question
> Message-ID:
> <MW5PR14MB52897188C2ED83596B406151B0EA2 at MW5PR14MB5289.namprd14.prod.outlook.com <mailto:MW5PR14MB52897188C2ED83596B406151B0EA2 at MW5PR14MB5289.namprd14.prod.outlook.com>>
> 
> Content-Type: text/plain; charset="utf-8"
> 
> I have been trying to use a combined log format for squid. The below 
> line in the squid config is my current attempt.
> 
> logformat combined %>a %[ui %[un [%tl "%rm %ru HTTP/%rv" %>Hs %<st 
> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
> 
> It is working, as far as logging the normal stuff I would see before 
> having tried to implement referrer. I noticed somewhere that you need to 
> build squid with -enable-referrer-log, it was an older version, looked 
> like 3.1 and lower, I am using 4.13. So, checked with squid -v and do 
> not see "-enable-referrer_log" as one of the configure options used 
> during install. Would I need to reinstall, or is that no longer 
> necessary in version 4.13? Thanks!!
> 
> Bobby

More information about the squid-users mailing list