[squid-users] Multiple access_log directives and ACLs

From: Jeffrey Goldberg <jeffrey_at_goldmark.org>
Date: Mon, 22 Jun 2009 11:57:27 -0500

This is possibly a FAQ (though I didn't find it after a reasonable
amount of searching) and is almost certainly an very simple question
for those who already understand the logic of squid configuration files.

With multiple access_log directives with acls, does matching stop at
the first hit or will a single request log to all matching access_log
directives?

Background:

As this list probably knows, there is an effort to set up HTTP proxy
to help people from Iran evade national filters. Whether Squid or
HTTP proxies are the best tool or this (or whether something like tor
is better suited) doesn't take away from the fact that there is a
coordinated effort to get people to install and configure squid for
the purpose. Apparently more than 2000 proxies have been configured
(though reports are that many are misconfigured.)

One requirement is that we don't log any information that could harm
anyone from Iran should the logs fall into the wrong hands. At the
moment the advice being given out is to turn off logging. I would
like to know whether the following would have the desired effect.

  logformat squidanon %ts.%03tu %6tr X.X.X.X %Ss/%03Hs %<st %rm XXX
%un %Sh/%<A %mt

  access_log /usr/local/squid/logs/access.log squidanon PERSIA
  access_log /usr/local/squid/logs/access.log squid

(Assume that the acl PERSIA is already declared).

Because my own proxy is already blocked from Iran, I have little scope
to test on my own.

I'm running squid 3.0STABLE16 on FreeBSD-7-STABLE. But I think that
most others are running 2.7. If there are differences between 3.0 and
2.7 I would like information for both so that I can pass on the advice.

Thank you,

-j

-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/
Received on Mon Jun 22 2009 - 16:57:32 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 23 2009 - 12:00:03 MDT