This seems well thought out and I agree with your logic. I have not found the squid developer community to be to responsive to concerns related to redirector behavior, but perhaps they will be persuaded by your argument.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:owner-squidguard@;relay1.teledanmark.no]On Behalf Of Rick > Matthews > Sent: Friday, November 08, 2002 7:36 PM > To: Squidguard@Squidguard. Org > Subject: TCP_DENIED/403 vs TCP_MISS/403 > > > Here's the text of a message that I posted to the squid-users list. > Please let me know if you have any feedback on the issue: > > -------------------------------------------------------- > From: Rick Matthews > Sent: Thursday, October 31, 2002 11:32 PM > To: [EMAIL PROTECTED] > Subject: [squid-users] Interpretation & logging of redirector responses > > Is Squid logging this properly? > > A user requests www.not-allowed-here.com. Squid sends the request > to a redirector. The redirector responds with the url to blocked.cgi > which explains to the user why the request was blocked. Squid makes > an entry to access.log that contains the not-allowed-here.com url, > the byte count of the blocked.cgi page, and 'TCP_MISS/403'. > > The 403 is the correct choice, but why doesn't Squid use > 'TCP_DENIED/403' instead? The definition of '403' is Forbidden, aka > denied. Squid uses 'TCP_DENIED' when it blocks based upon one of its > acls, and at least one reporting program (SARG) keys on the > 'TCP_DENIED' to recognize blocked attempts. > > Is there a good reason why Squid shouldn't log TCP_DENIED/403 for > standard redirects? It would correct a big flaw in reporting. And > the option is always there for the redirect program to use '301:' or > '302:' if necessary, thus bypassing the 'TCP_DENIED/403' status. > > If there is a downside to this I don't see it. > > Rick Matthews > > > >
smime.p7s
Description: application/pkcs7-signature
