Re: [squid-users] Writing a access_log for an acl user doesnt work!

From: Matthew Young <myoung24866_at_gmail.com>
Date: Mon, 26 Oct 2009 22:14:15 -0500

Hello Amos,

I just realized that a variation using users from external auth does
work by logging into specific log files.

Below is the copy of the working config.

auth_param basic program /usr/local/libexec/ncsa_auth /etc/squid/squid_passwd
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # RFC1918 possible internal network
acl Safe_ports port 80
acl Safe_ports port 21 # http
acl Safe_ports port 443 # ftp
acl Safe_ports port 70 # https
acl Safe_ports port 210 # gopher
acl Safe_ports port 1025-65535 # wais
acl Safe_ports port 280 # unregistered ports
acl Safe_ports port 488 # http-mgmt
acl Safe_ports port 591 # gss-http
acl Safe_ports port 777 # filemaker
acl CONNECT method CONNECT # multiling http
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow localnet
icp_access deny all
http_port 8080
hierarchy_stoplist cgi-bin ?
cache_dir null /dev/null
access_log /var/squid/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache

acl admin proxy_auth admin <---------**************************
access_log /var/squid/logs/access_admin.log squid admin
<---------**************************

upgrade_http0.9 deny shoutcast
via off
broken_vary_encoding allow apache
cache_effective_user _squid
cache_effective_group _squid
max_filedescriptors 5024
forwarded_for off
coredump_dir /var/squid/cache

On Mon, Oct 26, 2009 at 9:45 PM, Matthew Young <myoung24866_at_gmail.com> wrote:
> Amos,
>
> Yes indeed all the other requests are getting logged to access_log
> /var/squid/logs/access.log
>
> Ive tried logging based on mac address (yes iam on the same subnet),
> and also as src IP. No go, I have spent hours on this.
>
> Using squid-2.7.STABLE6 .. I just tested the config file on a totally
> different box still no go. I tried chmoding 777 /var/squid/logs and
> its files and no luck.
>
> What else could I do?
>
> --Matt
>
> On Mon, Oct 26, 2009 at 9:16 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On Mon, 26 Oct 2009 18:59:27 -0500, Matthew Young <myoung24866_at_gmail.com>
>> wrote:
>>> Hello Guys,
>>>
>>> Ive been quite some time figuring out why this doesnt work. Iam sure
>>> that my �user (me) is on the same LAN and does have that IP.
>>
>> Looks right to me as well. Is the other general access.log getting the
>> requests? should be logged to both under that config.
>> If not then the requests may not be entering Squid at all...
>>
>>>
>>>
>>> acl jp src 172.16.2.35
>>> access_log /var/squid/logs/access_jp.log squid jp
>>>
>>> Below is my complete config..
>>>
>>> Please somebody shed some light.. Thanks..!!
>>>
>>> - Matt
>>>
>>> acl all src all
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/32
>>> acl to_localhost dst 127.0.0.0/8
>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>> acl SSL_ports port 443 # RFC1918 possible internal network
>>> acl Safe_ports port 80
>>> acl Safe_ports port 21 # http
>>> acl Safe_ports port 443 # ftp
>>> acl Safe_ports port 70 # https
>>> acl Safe_ports port 210 # gopher
>>> acl Safe_ports port 1025-65535 # wais
>>> acl Safe_ports port 280 # unregistered ports
>>> acl Safe_ports port 488 # http-mgmt
>>> acl Safe_ports port 591 # gss-http
>>> acl Safe_ports port 777 # filemaker
>>> acl CONNECT method CONNECT # multiling http
>>> acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
>>> http_access allow manager localhost
>>> http_access allow localnet
>>> http_access deny manager
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>> http_access allow all
>>> icp_access allow localnet
>>> icp_access deny all
>>> http_port 8080
>>> hierarchy_stoplist cgi-bin ?
>>> cache_dir null /dev/null
>>> access_log /var/squid/logs/access.log
>>> refresh_pattern ^ftp: � � � � � 1440 � �20% � � 10080
>>> refresh_pattern ^gopher: � � � �1440 � �0% � � �1440
>>> refresh_pattern -i (/cgi-bin/|\?) 0 � � 0% � � �0
>>> refresh_pattern . � � � � � � � 0 � � � 20% � � 4320
>>> acl apache rep_header Server ^Apache
>>> acl jp src 172.16.2.35
>>> access_log /var/squid/logs/access_jp.log squid jp
>>> upgrade_http0.9 deny shoutcast
>>> �via on
>>> broken_vary_encoding allow apache
>>> cache_effective_user _squid
>>> cache_effective_group _squid
>>> max_filedescriptors �5024
>>> coredump_dir /var/squid/cache
>>
>> Amos
>>
>
Received on Tue Oct 27 2009 - 03:14:22 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 27 2009 - 12:00:03 MDT