RE: [squid-users] Why squid show IP in access log for transparent proxy?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 08 Jul 2014 18:31:54 +1200

On 2014-07-08 17:36, Nil Nik wrote:
> I am NOT looking for client IP or host. I am looking for target server
> IP.
> In case of 'ssl_bump none' squid access log shows IP of server instead
> of domain.
>

Nik Nik,
   The answer to your original question is that Squid only has the TCP/IP
packet details to work with in intercepted traffic, particularly with
port 443 traffic which has not been decrypted to get the Host header
details.

> log_fqdn on is not useful for me.

For the record this option is not even supported by Squid-3.2 and later.
People using it should move to using %>A in a custom log format instead.

The proper way to log rDNS details is with the %<A and %>A log tokens in
a custom logformat.

The %<A format token is the one needed to log the server rDNS record.
However, it is important to be aware that the rDNS record is often
different from the URL domain name being fetched by the client. The
server IP address is far more accurate and reliable for both debugging
and reporting.

Amos
>
>
> ----------------------------------------
>> From: Antony.Stone_at_squid.open.source.it
>> To: squid-users_at_squid-cache.org
>> Date: Mon, 7 Jul 2014 20:14:40 +0200
>> Subject: Re: [squid-users] Why squid show IP in access log for
>> transparent proxy?
>>
>> On Monday 07 July 2014 at 19:44:34, Mark jensen wrote:
>>
>>> to show the domain name instead of IP:
>>>
>>> One method would be to make use of this directive in the squid.conf
>>> file to
>>> get the log file to show FQDNs instead of the IPs: log_fqdn on
>>
>> That's for looking up the hostnames of clients connecting to the
>> proxy.
>>
>> I got the impression the original question was about the target server
>> IP
>> addresses appearing in the logfiles, instead of their DNS names.
>>
>>> this is a good link which may help you:
>>>
>>> http://unix.stackexchange.com/questions/134132/how-can-we-make-squid-do-a-reverse-nslookup
>>
>>
>> Regards,
>>
>>
>> Antony.
>>
>> --
>> This email was created using 100% recycled electrons.
>>
>> Please reply to the list;
>> please don't CC me.
Received on Tue Jul 08 2014 - 06:32:01 MDT
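
The custom logformat described in the reply above, written out as an added example (not from the original thread or the Squid project). The format name `rdns` and the log path are assumptions; the line is Squid's default `squid` format with the two rDNS tokens appended, so the server IP stays in its usual field for reporting.

```conf
# Added example. The format name "rdns" and the log path are assumptions.

# Before: per the thread, this resolves names of clients connecting to the
# proxy (not target servers) and is not supported by Squid-3.2 and later.
# log_fqdn on

# After: default "squid" format plus two trailing fields.
#   %>a  client IP address      %>A  client rDNS name
#   %<a  server IP address      %<A  server rDNS name
# Keeping %<a next to %<A leaves the server IP available for debugging
# and reporting, since the rDNS name often differs from the domain the
# client actually requested.
logformat rdns %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %>A %<A
access_log daemon:/var/log/squid/access.log rdns
```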
