Re: [squid-users] add DENIED tag by redirector for easy identification in logfile from Amos Jeffries on 2012-10-31 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 01 Nov 2012 00:59:03 +1300

On 1/11/2012 12:07 a.m., Amm wrote:
> Hi
>
> I wanted to know if url_rewrite_program can add a TAG for logging.

Not for tags output by the helper program itself. I am currently working
on a project to clean up and combining the Squid helper interfaces such
that for example; url_rewrite_program and external_acl_type helpers can
return the same set of key=value details and have them do/mean the same
things.
If you are interested in sponsoring any code development towards that
please contact me off-list about payment details.

> I have a redirector which blocks certain sites. But in squid logs
> there is no way to indicate if redirector blocked it.

NOTE: redirectors do not "block" anything. They redirect. Possibly to a
location which does not exist, or a page containing the word "blocked".

> As per this, there is already a tag called DENIED when request is
> rejected by acl.
> http://wiki.squid-cache.org/SquidFaq/SquidLogs#access.log
>
> I would like that redirector should also have ability to add a tag,
> say same one, DENIED.

Um, REDIRECT tag is documented 6 lines above DENIED. Please upgrade to
Squid-3.2 where this logging is available by default already. Or
re-build your Squid with the -DLOG_TCP_REDIRECTS compiler flag.

In all Squid whether they use that tag or not Squid will log a 301, 302,
303, or 307 status code along with "NONE/-" as the server contacted if
url_rewrite_program redirected the request. If there is anything else
in the upstream server field it means the 3xx status logged was
generated by that server, not by Squid.

If you are confusing re-write operation with "redirect". Then of course
nothing is logged, because all Squid did was alter the *text* of the URL
before fetching it. No redirect was done.

> So that its easy to identify the blocked requests (either by acl
> or by redirector)

access controls (ACLs):
* deny permission to access a requested resource
* block the request from accessing the resource

redirectors:
* redirect to an alternative resource.
* do not block the response

> Similar feature already exists for external_acl_type:
> http://www.squid-cache.org/Doc/config/external_acl_type/
>
>
> which says: tag =Apply a tag to a request (for both ERR and OK results)
>
> So can redirector do the same?

Not yet. see above about sponsorship to get early access to that ability
and a faster time on the implementation.

Amos
Received on Wed Oct 31 2012 - 11:59:20 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 31 2012 - 12:00:05 MDT