There seem to be no way to track outbound connections to originating clients, at least when squid is retrieving URLs via peers.
Consider this scenario: client ->(connection1)-> squid ->(connection2)-> parent_peer ->(connection3)-> internet I'll use the following names for the local address/foreign address pairs of the connections: connection1: client_ip:client_port <-> squid_ip:squid_port connection2: squidlo_ip:squidlo_port <-> peer_ip:peer_port connection3: peerlo_ip:peerlo_port <-> ext_ip:ext_port Now suppose that, at the company border firewall, you see that a connection3 is using too much bandwidth, or causing other troubles, and you need to find which client is originating it. You start from the external connection and, analyzing the parent_peer, you can identify the corresponding connection2, that is: you identify that the request causing the "problem" is the one arriving from a given squidlo_ip:squidlo_port address. However, on the squid side, there seem to be no way to associate that local address to a specific client request. Using the manager interface and requesting e.g. "filedescriptors", you can associate clients (client_ip:client_port) to requested URLs and requested URLs to peer_ip:peer_port addresses. But I cannot find any way to associate the requests to squidlo_ip:squidlo_port addresses. In fact, the peer_ip:peer_port address is not enough to identify a connection2 (all connections from squid to the parent peer use the same peer_ip:peer_port foreign address), and apparently squid is not logging/reporting the corresponding local address squidlo_ip:squidlo_port anywhere. Is there actually no way to track the originating client (maybe from some logfile or other manager page)? If not, then I think it would be important to add a "Local Address" column to the "mgr:filedescriptor" page. Cheers, Livio