Baird, Josh wrote:
Amos,
Do you think that what I am trying to achieve is possible?
Yes. Do exactly the same myself with a simple !aclname at the end of
access_log directives.
I can't figure out why neither that nor the longer log_access is working
for you.
Amos
-----Original Message-----
From: Baird, Josh
Sent: Tuesday, March 16, 2010 9:25 AM
To: Amos Jeffries; squid-users@squid-cache.org
Subject: RE: [squid-users] Ignore requests from certain hosts in access_log
Hi Amos,
Same results. Nothing coming from the load balancers is being logged (even
requests using X-Forwarded-For). Here is my configuration:
acl loadbalancers src x.x.x.y/255.255.255.255
acl loadbalancers src x.x.x.z/255.255.255.255
follow_x_forwarded_for allow loadbalancers
log_uses_indirect_client on
acl_uses_indirect_client on
# Define Logging (do not log loadbalancer health checks)
access_log /var/log/squid/access.log squid
log_access deny !loadbalancers
Without the "log_access" directive enabled, all requests are logged using their
X-Forwarded-For source address:
1268749629.423 354 172.26.100.23 TCP_MISS/200 1475 GET
http://webmail.blah.net/? - DIRECT/72.29.72.189 text/plain
These are the types of requests that I am trying to prevent from being logged:
1268749630.481 0 x.x.x.y TCP_DENIED/400 2570 GET error:invalid-request -
NONE/- text/html
(where x.x.x.y is the load balancer, and the request is a "health check" of the
web proxy service)
Thanks,
Josh
-----Original Message-----
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Monday, March 15, 2010 6:52 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Ignore requests from certain hosts in access_log
On Mon, 15 Mar 2010 12:15:49 -0500, "Baird, Josh" <jba...@follett.com>
wrote:
Ok, that sort of worked. I have a pair of load balancers sitting in
front of my Squid proxy farm. The load balancers insert the
X-Forwarded-For header into each HTTP request which allows Squid to log
their connections using their real client source IP (extracted from
X-Forwarded-For). In reality, the connections to the squid servers are
being made directly from the load balancers.
When I use log_access to deny logging to the load balancer's IP
addresses, -nothing- gets logged to access_log. I am attempting to not
log the "health HTTP checks" from 10.26.100.130/10.26.100.131 but still
log the other traffic. It doesn't seem that log_access is
X-Forwarded-For aware? Any ideas?
acl loadbalancers src 10.26.100.130/255.255.255.255
acl loadbalancers src 10.26.100.131/255.255.255.255
log_access deny !loadbalancers
Ah, you will require these as well:
# to trust what the load balancers report for XFF
follow_x_forwarded_for allow loadbalancers
# to use the XFF details in the logs
log_uses_indirect_client on
# to use the XFF details in ACL tests
# telling loadbalancer generated requests from relayed
acl_uses_indirect_client on
Amos