RE: [squid-users] Ignore requests from certain hosts in access_log

And, you still see the non-healthcheck, normal traffic logged using the X-Forwarded-For information?

Here is my entire config, maybe this will help:

# What port do we want to listen on?
http_port 80

# Define refresh patterns for content types
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# Define network ACL's
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl loadbalancers src 10.26.100.136/255.255.255.255
acl loadbalancers src 10.26.100.137/255.255.255.255

# Define access ACL's. To allow SSL tunneling to a new port, add that port
# to the "ssl_ports" ACL. To allow HTTP access over new ports, add that port
# to the "safe_ports" ACL, and so on.
acl manager proto cache_object
acl ssl_ports port "/etc/squid/acl-ssl_ports"
acl safe_ports port "/etc/squid/acl-safe_ports"
acl deny_sites dstdomain "/etc/squid/acl-deny_sites"
acl deny_browsers browser "/etc/squid/acl-deny_browsers"
acl CONNECT method CONNECT

# Define HTTP access rules
http_access deny manager !localhost
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access deny deny_sites
http_access deny deny_browsers
http_access allow localhost
http_access allow localnet
http_access deny all

# Allow icp_access to allowed_src_hosts
# icp_access allow allowed_src_hosts
# icp_access deny all_src

# We want to append the X-Forwarded-For header for Websense
follow_x_forwarded_for allow loadbalancers
log_uses_indirect_client on
acl_uses_indirect_client on

# Define Logging (do not log loadbalancer health checks)
access_log /var/log/squid/access.log squid
log_access deny !loadbalancers
coredump_dir /var/spool/squid
pid_filename /var/run/squid.pid
httpd_suppress_version_string on
shutdown_lifetime 5 seconds
# We don't cache, so there is no need to waste disk I/O on cache logging
cache_store_log none

# Define SNMP properties
# We will proxy requestst to Squid's internal agent from net-snmp
acl snmpprivate snmp_community fcsnmp1ro
snmp_port 3401
snmp_access allow snmpprivate localhost
snmp_access deny all

# Allow non-FQDN hostnames, even though they are bad bad bad!
dns_defnames on

# Disable all caching
cache deny all
cache_dir null /tmp

# Misc Configuration
negative_ttl 0


-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Friday, March 19, 2010 6:55 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Ignore requests from certain hosts in access_log

Baird, Josh wrote:
> Amos,
>
> Do you think that what I am trying to achieve is possible?

Yes. Do exactly the same myself with a simple !aclname at the end of
access_log directives.

I can't figure out why neither that nor the longer log_access is working
for you.

Amos

> -----Original Message-----
> From: Baird, Josh
> Sent: Tuesday, March 16, 2010 9:25 AM
> To: Amos Jeffries; squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Ignore requests from certain hosts in access_log
>
> Hi Amos,
>
> Same results. Nothing coming from the load balancers is being logged (even requests using X-Forwarded-For). Here is my configuration:
>
> acl loadbalancers src x.x.x.y/255.255.255.255
> acl loadbalancers src x.x.x.z/255.255.255.255
>
> follow_x_forwarded_for allow loadbalancers
> log_uses_indirect_client on
> acl_uses_indirect_client on
>
> # Define Logging (do not log loadbalancer health checks)
> access_log /var/log/squid/access.log squid
> log_access deny !loadbalancers
>
> Without the "log_access" directive enabled, all requests are logged using their X-Forwarded-For source address:
>
> 1268749629.423 354 172.26.100.23 TCP_MISS/200 1475 GET http://webmail.blah.net/? - DIRECT/72.29.72.189 text/plain
>
> These are the types of requests that I am trying to prevent from being logged:
>
> 1268749630.481 0 x.x.x.y TCP_DENIED/400 2570 GET error:invalid-request - NONE/- text/html
>
> (where x.x.x.y is the load balancer, and the request is a "health check" of the web proxy service)
>
> Thanks,
>
> Josh
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Monday, March 15, 2010 6:52 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Ignore requests from certain hosts in access_log
>
> On Mon, 15 Mar 2010 12:15:49 -0500, "Baird, Josh" <jbaird_at_follett.com>
> wrote:
>> Ok, that sort of worked. I have a pair of load balancers sitting in
>> front of my Squid proxy farm. The load balancers insert the
>> X-Forwarded-For header into each HTTP request which allows Squid to log
>> their connections using their real client source IP (extracted from
>> X-Forwarded-For). In reality, the connections to the squid servers are
>> being made directly from the load balancers.
>>
>> When I use log_access to deny logging to the load balancer's IP
>> addresses, -nothing- gets logged to access_log. I am attempting to not
>> log the "health HTTP checks" from 10.26.100.130/10.26.100.131 but still
>> log the other traffic. It doesn't seem that log_access is
>> X-Forwarded-For aware? Any ideas?
>>
>> acl loadbalancers src 10.26.100.130/255.255.255.255
>> acl loadbalancers src 10.26.100.131/255.255.255.255
>> log_access deny !loadbalancers
>
> Ah, you will require these as well:
> # to trust what the load balancers report for XFF
> follow_x_forwarded_for allow loadbalancers
>
> # to use the XFF details in the logs
> log_uses_indirect_client on
>
> # to use the XFF details in ACL tests
> # telling loadbalancer generated requests from relayed
> acl_uses_indirect_client on
>
>
> Amos

Received on Fri Mar 19 2010 - 23:58:55 MDT