Re: [squid-users] strip_query_terms by acl?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 23 Jul 2013 19:08:41 +1200

On 23/07/2013 3:54 p.m., Amm wrote:
>
> My previous e-mail bounced back.
>
> <squid-users_at_squid-cache.org>: Mail server for "squid-cache.org" unreachable for too long
>
> So reposting, sorry if already it had reached the group.
>
> ----- Original Message -----
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>>> On 20/07/2013 2:04 p.m., Amm wrote:
>>> Hello,
>>>
>>> Squid already has option to log FULL query. i.e strip_query_terms off.
>>>
>>> I would like to know is there any way to log FULL query only for particular
>> acl?
>
>> Not in the existing Squid.
>>
>> It could be added fairly easily, but the utility of doing it is very
>> small. The major gain from stripping such terms is to protect stupid
>> security systems which do things like place credentials or users private
>> details in the query-string portion of URLs.
>
> Yes that is why I am asking, I do not want to log everything, just search
> queries made. So basically do not want to violate privacy of anyone.
>
> If it is easy to add, can you provide some hints on which files or what
> functions to change?

src/url.cc at the end of the function urlCanonicalClean() you can see
the comment highlighting it. You need to generate an ACLFilledChecklist
and run fastCheck() on it.

There is maybe an alternative in teh current Squid though...

There are several request-URI formatting codes for logging. The native
squid format uses "%ru" which is filtered by strip_query_terms for
logging. But the others %>ru and %<ru use the unfiltered URL path.
You could use two different access_log lines with slightly different
formats and ACLs selecting which one does the logging for any given request.

Amos
Received on Tue Jul 23 2013 - 07:08:48 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 23 2013 - 12:00:40 MDT