On 5/11/21 04:14, Jason Spashett wrote:
Hello,

I am using squid 5, and after reading the following I have attempted
to link the connect requests to the other requests within a TLS
tunnel.

Can anyone tell me why this isn't working, and/or when the log format
codes get evaluated.

The logformat %macros get expanded any time Squid needs to use the format string containing them.


For your config snippet below that means usually:
 - helper queries at several points processing each request/transaction,
 - each time those ACLs of yours are *checked*,
 - log outputs when each request finishes, and
 - deny_info URL generation for redirection.



Squid configuration
-------------------
#
acl connection_id_acl annotate_client conn_id+="%master_xaction/%random"
acl has_conn_id_acl note conn_id
acl set_conn_id_once_acl any-of has_conn_id_acl connection_id_acl
note "" "" set_conn_id_once_acl
#
logformat log time="%tl" conn_id=%{conn_id}note request_type=%>rm url=%>ru

log output
----------
time="04/Nov/2021:14:54:19 +0000" conn_id=2550/Fh0Lje1 request_type=CONNECT url=blog.jason.spashett.com:443
time="04/Nov/2021:14:54:19 +0000" conn_id=2550/e5sVhqi request_type=GET url=https://blog.jason.spashett.com/minecraft-4k-ported-to-the-d-programming-language/
time="04/Nov/2021:14:54:20 +0000" conn_id=2550/e5sVhqi request_type=GET url=https://blog.jason.spashett.com/css/main.css

This looks like it's working to me.

 "2550/" is the TCP connection being handled.

 "2550/Fh0Lje1" is the CONNECT received via TCP.

 "2550/e5sVhqi" are the requests decoded from inside the CONNECT tunnel.


The problem you have is that the CONNECT request ceases to exist at the point it is accepted to be decrypted. The TLS handshake takes time - so the conn_id %random value you assigned to that CONNECT is long gone by the time the decrypted requests are received. We have several bugs open about this situation, but my fix has got stuck with QA rejections from other team members.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
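
An added example, not part of the original message and not Squid code: a log post-processor that links each CONNECT to the requests decoded from its tunnel by grouping on the part of conn_id before the slash, ignoring the %random suffix that differs. It assumes the logformat shown above and that, as in the log output in this thread, the prefix is the same for the CONNECT and its inner requests; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Records copied from the log output in the thread, one record per line.
SAMPLE_LOG = """\
time="04/Nov/2021:14:54:19 +0000" conn_id=2550/Fh0Lje1 request_type=CONNECT url=blog.jason.spashett.com:443
time="04/Nov/2021:14:54:19 +0000" conn_id=2550/e5sVhqi request_type=GET url=https://blog.jason.spashett.com/minecraft-4k-ported-to-the-d-programming-language/
time="04/Nov/2021:14:54:20 +0000" conn_id=2550/e5sVhqi request_type=GET url=https://blog.jason.spashett.com/css/main.css
"""

# key=value pairs; a value is either "quoted" or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Return the key=value fields of one log record as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def group_by_connection(lines):
    """Group records by the conn_id prefix (the part before the '/')."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        conn_id = rec.get("conn_id", "")
        if "/" not in conn_id:  # note missing or logged as "-": cannot correlate
            continue
        prefix, _, suffix = conn_id.partition("/")
        rec["suffix"] = suffix  # the per-request %random part
        groups[prefix].append(rec)
    return dict(groups)


def tunnel_summary(groups):
    """Map each connection prefix to its CONNECT target(s) and inner URLs."""
    out = {}
    for prefix, recs in groups.items():
        connects = [r["url"] for r in recs if r.get("request_type") == "CONNECT"]
        inner = [r["url"] for r in recs if r.get("request_type") != "CONNECT"]
        out[prefix] = {"connect": connects, "inner": inner}
    return out


if __name__ == "__main__":
    summary = tunnel_summary(group_by_connection(SAMPLE_LOG.splitlines()))
    for prefix, info in summary.items():
        print(prefix, info["connect"], "->", len(info["inner"]), "tunnelled requests")
```
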
