I am trying to separate logs so that the log entries define why it was 
blocked. For example, I have created the following log formats:

logformat MyAllowSuccessLog  local_time="[%tl]" action=ALLOW status=SUCCESS ** 
orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%<a 
dst_host=%<A dst_port=%<p ident_username=%[ui username=%[un request_method=%rm 
request="%rm %ru HTTP/%rv" status_code=%>Hs referer="%{Referer}>h" 
user_agent="%{User-Agent}>h" protocol_version=%rv squid_status=%Ss 
squid_hierarchy_status=%Sh ** dns_response_time=%dt response_time=%tr 
mime_type=%mt **  total_request_size=%>st total_reply_size=%<st **

logformat MyAllowFailureLog  local_time="[%tl]" action=ALLOW status=FAILURE ** 
orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%<a 
dst_host=%<A dst_port=%<p ident_username=%[ui username=%[un 
request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs 
referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv 
squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt 
response_time=%tr mime_type=%mt **  total_request_size=%>st 
total_reply_size=%<st **

logformat MyDenyPortLog  local_time="[%tl]" action=DENY status=DENIED 
reason=PORT ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a 
proxy_src_port=%>p dst_ip=%<a dst_host=%<A dst_port=%<p ident_username=%[ui 
username=%[un request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs 
referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv 
squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt 
response_time=%tr mime_type=%mt **  total_request_size=%>st 
total_reply_size=%<st **

logformat MyDenyProtocolLog  local_time="[%tl]" action=DENY status=DENIED 
reason=PROTOCOL ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a 
proxy_src_port=%>p dst_ip=%<a dst_host=%<A dst_port=%<p ident_username=%[ui 
username=%[un request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs 
referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv 
squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt 
response_time=%tr mime_type=%mt **  total_request_size=%>st 
total_reply_size=%<st **

acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection

Then in my access rules, I am doing the following:
# - Block to Unsafe Ports
http_access deny !Safe_ports
deny_info ERR_BLOCKED_PORT.html !Safe_ports
access_log /var/log/squid/access_denied.log MyDenyPortLog !Safe_ports

http_access allow 
http_access allow ApprovedDestinations
access_log /var/log/squid/access_haproxy.log MyAllowSuccessLog  success  
ApprovedDestinations
access_log /var/log/squid/access_haproxy.log MyAllowFailureLog !success 
ApprovedDestinations

Is there a better way to accomplish this? Can I add a string like an acl when 
it matches so I can log on which http_access rule was matched?


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
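
An added example, not part of the original post: a Python reader for the key=value entries that the logformat lines above produce, counting DENY entries per reason and orig_src_ip. The sample lines are constructed and shortened to a few fields; parse_line and deny_summary are names chosen for this example.

```python
import re
from collections import Counter

# One key=value pair. A value is a double-quoted string or a run of
# non-space characters; the bare "**" separators have no "=" and are skipped.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_line(line):
    """Return one log entry as a dict of field name -> value, quotes removed."""
    entry = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        entry[key] = value
    return entry


def deny_summary(lines):
    """Count DENY entries per (reason, orig_src_ip)."""
    counts = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry.get("action") == "DENY":
            # orig_src_ip is copied from the X-Forwarded-For request header,
            # so it is only as trustworthy as whatever sets that header.
            key = (entry.get("reason", "UNKNOWN"), entry.get("orig_src_ip", "-"))
            counts[key] += 1
    return counts


# Constructed sample lines, shortened to a subset of the fields.
_T = 'local_time="[12/Mar/2024:10:15:02 +0000]" '
SAMPLE = [
    _T + 'action=DENY status=DENIED reason=PORT ** orig_src_ip=192.0.2.10 '
    'request="CONNECT example.test:8443 HTTP/1.1" user_agent="curl/8.0 (x=y)" **',
    _T + 'action=DENY status=DENIED reason=PORT ** orig_src_ip=192.0.2.10 '
    'request="CONNECT example.test:2222 HTTP/1.1" user_agent="-" **',
    _T + 'action=DENY status=DENIED reason=PROTOCOL ** orig_src_ip=192.0.2.11 '
    'request="GET ftp://example.test/ HTTP/1.1" user_agent="-" **',
    _T + 'action=ALLOW status=SUCCESS ** orig_src_ip=192.0.2.12 '
    'request="GET http://example.test/ HTTP/1.1" user_agent="-" **',
]

if __name__ == "__main__":
    for (reason, src), n in deny_summary(SAMPLE).most_common():
        print(f"{reason:10} {src:15} {n}")
```

Because the quoted values are matched as a unit, text such as `x=y` inside a User-Agent string is not mistaken for a separate field.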
