Re: [squid-users] Mark log entries for redirected sites

From: Thomas Jarosch <thomas.jarosch_at_intra2net.com>
Date: Fri, 1 Apr 2011 11:03:37 +0200

Hello Amos,

On Friday, 1. April 2011 02:52:42 Amos Jeffries wrote:
> > Is there a way to specially mark redirected entries in the log file?
>
> Both if the above are identical content going to the user. The first one
> if re-written contains the body with lies in it. The second is saying to
> the client that the lie is still to be believed.

Ok. Thanks for your reply!

> Redirection produces a 301/302/307 status in the logs for the original
> URL followed by another such as the 200 for the redirected URL. 304 etc
> normally show up on the redirected URL, but thats not set in stone they
> can do the two-request from some clients.

Well, I didn't see a 301/302/307 in the logs though I did
get the "blocked" redirect page handed out by squidGuard.

> It sounds like you have actually implemented a "re-writer". Which lies
> to the client about where content came from.

Ok

> I assume you are wanting this to get a report of the trouble URLs which
> are getting past the filter? A log produced by the filter would be the
> best place for that kind of information. It gets given the client IP to
> work with as well so can do the IP<->URL<->redirected URL mapping much
> more easily.

Actually I want to do it a bit differently: If f.e. someone blocked
"facebook.com" during main business hours, they still show up in the
access_log and in the reports created from it. As more and more sites
include "Like this on facebook" buttons which refer to facebook.com,
it looks like users are accessing facebook.com even though they aren't.

So I want to adapt the report software to ignore sites
which are already blocked. This can only be solved if
the log entries are somehow marked.

Cheers,
Thomas
Received on Fri Apr 01 2011 - 09:03:52 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 12:00:03 MDT