Hi,
I'm trying to log the name of the ACL that allowed/denied access for a
particular request. I have a patch that seems to work fine on all my
machines except one. On that one machine it'll work fine for several
hours, but then begins logging other garbage; sometimes parts of URLs,
other times it's just random bytes. I think my patch is correct and this
machine has a problem, but I'd appreciate it if someone could take a look.
My real goal is to associate a username with requests that are allowed
based on a whitelisted IP. I had originally done this using an external
acl helper, but found that it was too slow and would cause connections
to randomly fail. So instead I now generate a .conf file that is
included with my main squid config which looks like this:
acl foo src 10.3.4.0/24
acl foo src 10.4.5.0/24
http_access allow foo
acl bar src 120.3.4.0/24
acl bar src 120.4.5.0/24
http_access allow bar
hence why I'm then trying to log the name of the ACL that allowed the
connection. If there's a different way of doing that I'm open to
suggestions.
Here's the patch, I allowed the ACL to be accessible via its own token
or to replace the user one if the user is null.
Thanks,
--Will
Index: squid3-3.1.19/src/AccessLogEntry.h
===================================================================
--- squid3-3.1.19.orig/src/AccessLogEntry.h 2012-02-05
06:51:32.000000000 -0500
+++ squid3-3.1.19/src/AccessLogEntry.h 2012-03-29 00:57:22.000000000 -0400
@@ -96,6 +96,7 @@
msec(0),
rfc931 (NULL),
authuser (NULL),
+ aclname (NULL),
extuser(NULL)
#if USE_SSL
,ssluser(NULL)
@@ -114,6 +115,7 @@
int msec;
const char *rfc931;
const char *authuser;
+ const char *aclname;
const char *extuser;
#if USE_SSL
Index: squid3-3.1.19/src/access_log.cc
===================================================================
--- squid3-3.1.19.orig/src/access_log.cc 2012-02-05 06:51:32.000000000 -0500
+++ squid3-3.1.19/src/access_log.cc 2012-03-29 01:01:43.000000000 -0400
@@ -404,6 +404,7 @@
LFT_TAG,
LFT_IO_SIZE_TOTAL,
LFT_EXT_LOG,
+ LFT_ACCEPTED_ACL,
#if USE_ADAPTATION
LTF_ADAPTATION_SUM_XACT_TIMES,
@@ -561,6 +562,7 @@
{"et", LFT_TAG},
{"st", LFT_IO_SIZE_TOTAL},
{"ea", LFT_EXT_LOG},
+ {"ACL", LFT_ACCEPTED_ACL},
{"%", LFT_PERCENT},
@@ -1017,6 +1019,9 @@
if (!out)
out = accessLogFormatName(al->cache.extuser);
+ if (!out)
+ out = accessLogFormatName(al->cache.aclname);
+
#if USE_SSL
if (!out)
@@ -1182,6 +1187,10 @@
break;
+ case LFT_ACCEPTED_ACL:
+ out = al->cache.aclname;
+ break;
+
case LFT_PERCENT:
out = "%";
@@ -1764,6 +1773,9 @@
if (!user)
user = accessLogFormatName(al->cache.extuser);
+ if (!user)
+ user = accessLogFormatName(al->cache.aclname);
+
#if USE_SSL
if (!user)
@@ -2431,6 +2443,7 @@
safe_free(aLogEntry->headers.reply);
safe_free(aLogEntry->cache.authuser);
+ safe_free(aLogEntry->cache.aclname);
safe_free(aLogEntry->headers.adapted_request);
HTTPMSGUNLOCK(aLogEntry->adapted_request);
Index: squid3-3.1.19/src/client_side.cc
===================================================================
--- squid3-3.1.19.orig/src/client_side.cc 2012-02-05 06:51:32.000000000
-0500
+++ squid3-3.1.19/src/client_side.cc 2012-04-01 22:13:11.000000000 -0400
@@ -558,6 +558,8 @@
al.cache.msec = tvSubMsec(start_time, current_time);
+ al.cache.aclname = xstrdup( aclname );
+
if (request)
prepareLogWithRequestDetails(request, &al);
Index: squid3-3.1.19/src/client_side_request.cc
===================================================================
--- squid3-3.1.19.orig/src/client_side_request.cc 2012-02-05
06:51:32.000000000 -0500
+++ squid3-3.1.19/src/client_side_request.cc 2012-04-01
22:13:24.000000000 -0400
@@ -588,6 +588,8 @@
else if (http->request->auth_user_request != NULL)
proxy_auth_msg =
http->request->auth_user_request->denyMessage("<null>");
+ http->aclname = AclMatchedName;
+
if (answer != ACCESS_ALLOWED) {
/* Send an error */
int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ||
aclIsProxyAuth(AclMatchedName));
Index: squid3-3.1.19/src/client_side_request.h
===================================================================
--- squid3-3.1.19.orig/src/client_side_request.h 2012-02-05
06:51:32.000000000 -0500
+++ squid3-3.1.19/src/client_side_request.h 2012-03-26
22:54:59.000000000 -0400
@@ -98,6 +98,7 @@
HttpRequest *request; /* Parsed URL ... */
char *uri;
char *log_uri;
+ const char *aclname;
struct {
int64_t offset;
Received on Tue Apr 03 2012 - 00:02:28 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 03 2012 - 12:00:02 MDT