Re: [squid-users] Multiple access_log directives and ACLs from Amos Jeffries on 2009-06-22 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 23 Jun 2009 13:10:47 +1200

On Mon, 22 Jun 2009 11:57:27 -0500, Jeffrey Goldberg <jeffrey_at_goldmark.org>
wrote:
> This is possibly a FAQ (though I didn't find it after a reasonable
> amount of searching) and is almost certainly an very simple question
> for those who already understand the logic of squid configuration files.
>
> With multiple access_log directives with acls, does matching stop at
> the first hit or will a single request log to all matching access_log
> directives?

No, all lines are considered for each logging event. _any_ which match get
the entry recorded.

>
> Background:
>
> As this list probably knows, there is an effort to set up HTTP proxy
> to help people from Iran evade national filters.

You are the first to mention it specifically here. It's nothing special.
Many people do this all the time to fight back against various countries
and various organizations policies.

> Whether Squid or
> HTTP proxies are the best tool or this (or whether something like tor
> is better suited) doesn't take away from the fact that there is a
> coordinated effort to get people to install and configure squid for
> the purpose. Apparently more than 2000 proxies have been configured
> (though reports are that many are misconfigured.)
>
> One requirement is that we don't log any information that could harm
> anyone from Iran should the logs fall into the wrong hands. At the
> moment the advice being given out is to turn off logging. I would
> like to know whether the following would have the desired effect.
>
> logformat squidanon %ts.%03tu %6tr X.X.X.X %Ss/%03Hs %<st %rm XXX
> %un %Sh/%<A %mt
>
>
> access_log /usr/local/squid/logs/access.log squidanon PERSIA

...only PERSIA get logged.

> access_log /usr/local/squid/logs/access.log squid
>

...everything gets logged.

To split them fully you may want:

access_log /usr/local/squid/logs/access.log squidanon PERSIA
access_log /usr/local/squid/logs/access.log squid !PERSIA

> (Assume that the acl PERSIA is already declared).
>
> Because my own proxy is already blocked from Iran, I have little scope
> to test on my own.
>
> I'm running squid 3.0STABLE16 on FreeBSD-7-STABLE. But I think that
> most others are running 2.7. If there are differences between 3.0 and
> 2.7 I would like information for both so that I can pass on the advice.
>

Not that I'm aware of for this behavior.

Amos
Received on Tue Jun 23 2009 - 01:20:38 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 23 2009 - 12:00:03 MDT