Squid
Onotolius, 2020-11-10 21:31:22

Why are logs not being written to squid?

Hello.
I installed a Squid v.4 proxy server on Debian and configured it for several IPs. Everything seems to work, but the logs are not written, or rather they are written, but somehow very strangely.
In the logs in /var/log/squid/access.log there are mostly entries like:

1604772553.040  19343 78.121.29.117 TCP_TUNNEL/200 27950 CONNECT yastatic.net:443 login1 HIER_DIRECT/178.154.131.216 -
1604772556.479    242 78.121.29.117 TCP_TUNNEL/200 3277 CONNECT kitbit.net:443 login1 HIER_DIRECT/31.131.252.94 -
1604772571.834  84719 5.8.230.86 TCP_TUNNEL/200 291327 CONNECT www.ea.com:443 login2 HIER_DIRECT/184.51.133.90 -


Everything is correct in the config.

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT POST GET


http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager


There are rarely POST or GET requests among the logs. I did a lot of tests, but I still don't understand why there is only CONNECT in the logs.
Moreover, I installed the tshark sniffer and even it doesn't capture POST or GET requests, only CONNECT sometimes, which is amazing.
What could be the matter?


2 answer(s)
Dimonchik, 2020-11-10
@dimonchik2013

In the ubiquitous HTTPS.
CONNECT, this is HTTPS.
If you want to sniff inside - replace certificates.

CityCat4, 2020-11-11
@CityCat4

What's embarrassing? Squid writes everything correctly - HTTPS is now almost everywhere, even where it is not needed, and in it all requests are inside the tunnel.
In order to see the contents of the tunnels, Squid must be bumped.
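
What the tunnel entries in this thread do and do not contain, as an added example that is not part of the original posts: a small parser for Squid's native access.log format that separates CONNECT tunnels (only host:port, byte count and user are logged) from plain-HTTP requests (full method and URL). The first three sample lines are the ones quoted in the question; the last two are constructed, and the function names are this example's own.

```python
import re

# Squid native access.log: time elapsed client result/status bytes method url user hier/peer mime
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# Lines 1-3 are the entries quoted in the question; line 4 is a constructed
# plain-HTTP request and line 5 a constructed truncated line, added for contrast.
SAMPLE_LOG = """\
1604772553.040  19343 78.121.29.117 TCP_TUNNEL/200 27950 CONNECT yastatic.net:443 login1 HIER_DIRECT/178.154.131.216 -
1604772556.479    242 78.121.29.117 TCP_TUNNEL/200 3277 CONNECT kitbit.net:443 login1 HIER_DIRECT/31.131.252.94 -
1604772571.834  84719 5.8.230.86 TCP_TUNNEL/200 291327 CONNECT www.ea.com:443 login2 HIER_DIRECT/184.51.133.90 -
1604772580.112     35 78.121.29.117 TCP_MISS/200 1520 GET http://example.com/index.html login1 HIER_DIRECT/192.0.2.10 text/html
1604772581.000 truncated
"""

def parse_line(line):
    """Parse one native-format line into a dict; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["elapsed"], rec["bytes"] = int(rec["elapsed"]), int(rec["bytes"])
    # CONNECT logs only host:port; requests inside the TLS tunnel are not seen.
    rec["tunnel"] = rec["method"] == "CONNECT"
    return rec

def summarize(log_text):
    """Return ({user: {"tunnel_bytes": {host:port: bytes}, "visible": [(method, url)]}}, skipped)."""
    users, skipped = {}, 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = users.setdefault(rec["user"], {"tunnel_bytes": {}, "visible": []})
        if rec["tunnel"]:
            entry["tunnel_bytes"][rec["url"]] = entry["tunnel_bytes"].get(rec["url"], 0) + rec["bytes"]
        else:
            entry["visible"].append((rec["method"], rec["url"]))
    return users, skipped

if __name__ == "__main__":
    for user, data in sorted(summarize(SAMPLE_LOG)[0].items()):
        print(user, data["tunnel_bytes"], data["visible"])
```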
