Here's the text of a message that I posted to the squid-users list. Please let me know if you have any feedback on the issue:
-------------------------------------------------------- From: Rick Matthews Sent: Thursday, October 31, 2002 11:32 PM To: [EMAIL PROTECTED] Subject: [squid-users] Interpretation & logging of redirector responses Is Squid logging this properly? A user requests www.not-allowed-here.com. Squid sends the request to a redirector. The redirector responds with the url to blocked.cgi which explains to the user why the request was blocked. Squid makes an entry to access.log that contains the not-allowed-here.com url, the byte count of the blocked.cgi page, and 'TCP_MISS/403'. The 403 is the correct choice, but why doesn't Squid use 'TCP_DENIED/403' instead? The definition of '403' is Forbidden, aka denied. Squid uses 'TCP_DENIED' when it blocks based upon one of its acls, and at least one reporting program (SARG) keys on the 'TCP_DENIED' to recognize blocked attempts. Is there a good reason why Squid shouldn't log TCP_DENIED/403 for standard redirects? It would correct a big flaw in reporting. And the option is always there for the redirect program to use '301:' or '302:' if necessary, thus bypassing the 'TCP_DENIED/403' status. If there is a downside to this I don't see it. Rick Matthews
