Re: [squid-users] Questions about SSL logging

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 11 Sep 2012 11:11:32 +1200

On 11.09.2012 10:42, David Touzeau wrote:
> Dear, i’m using squid 3.2
>
> Sometimes the Squid-cache log correctly the SSL connections to web
> sites
>
> Sep 11 00:30:37 kav4proxy squid[8504]: MAC:64:27:37:02:53:3d
> 192.168.1.158 -
> dtouzeau [11/Sep/2012:00:30:37 +0200] "CONNECT www.artica.fr:443
> HTTP/1.1"
> 200 26051 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT
> 6.1;
> WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1" Forwarded:"-"
>
> Sep 11 00:31:10 kav4proxy squid[8504]: MAC:64:27:37:02:53:3d
> 192.168.1.158 -
> dtouzeau [11/Sep/2012:00:31:10 +0200] "CONNECT ssl.gstatic.com:443
> HTTP/1.1"
> 200 2582 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1;
> WOW64;
> rv:15.0) Gecko/20100101 Firefox/15.0.1" Forwarded:"-"
>
> But when i’m browsing to https://www.youtube.com there no entry in
> squid
> access.log ??
> Is there any limitation that ban squid to log https requests..?
>

Not unless you configured such a ban or SSL-bumped those requests.

log_access - to block a request from being logged anywhere.

access_log <log> [acl acl ...] - to block a request from being logged
to a specific log.

SSL-bump will log the bumped requests inside the CONNECT tunnel as
https://* URLs individually, instead of the overview CONNECT (varies
with squid version whether the CONNECT is *also* logged).

Amos
Received on Mon Sep 10 2012 - 23:11:34 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 11 2012 - 12:00:03 MDT