Re: [squid-users] Applying ACLs to access_log directive

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 20 Jun 2009 16:46:41 +1200

Chris Robertson wrote:
> Jon Gregory wrote:
>> Hi Chris,
>>
>> Thank you for the response.
>>
>> Yes, the third column of the log shows the host IP of the machine
>> requesting pages.
>>
>
> Hmmm... Are the ACLs defined in the config file above the access_log
> directives? Do you see anything interesting in cache_log when you start
> Squid? Does your logging Squid act as a parent for another server?
>
> With the information provided, I would expect it to work in the same
> manner you do. I find it VERY interesting that you can separate the
> logging on authentication details, but not source IP.

Only interesting if the clients are connecting directly to Squid.

There is a growing inclination for admin to use network design choices
that remove their hopes of tracking information.

* Interception done on a remote box with DNAT to "route" traffic at Squid.

* Mti-level NAT on any inbound hop at all for that matter.

* Multi-stage proxies such as squidguard before it enters Squid.

* Multi-layers of Squid with Forwarded-For and via turned off.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.8
Received on Sat Jun 20 2009 - 04:46:47 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 20 2009 - 12:00:03 MDT