Re: [squid-users] Exclude dstdomain in access.log file

2020-01-03 Thread Roberto Carna 
Ok Amos, thanks a lot for your help.

I'll try to update my Squid version i order to block the given domains in
my access.log file.

Greetings !!!

El vie., 3 ene. 2020 a las 3:15, Amos Jeffries ()
escribió:

> On 3/01/20 7:09 am, Roberto Carna wrote:
> > Dear Amos, I have this log entries that I want to disable:
> >
> > 1577988384.248  0 10.88.1.112 TAG_NONE/503 0 CONNECT
> > hangouts.google.com:443  fchop
> HIER_NONE/- -
> > 1577988384.435  0 10.88.1.31 TAG_NONE/503 0 CONNECT
> > hangouts.google.com:443  ccardiff
> > HIER_NONE/- -
> > 1577988384.659  0 10.88.1.26 TAG_NONE/503 0 CONNECT
> > hangouts.google.com:443  mtowers
> > HIER_NONE/- -
> > 1577988385.069  3 10.88.1.13 TAG_NONE/503 0 CONNECT
> > hangouts.google.com:443  pmonkey
> > HIER_NONE/- -
> >
> > Is it possible doing that using "dstdomain" ???
>
> It should be, but yes you have hit a bug. It may be fixed in the latest
> Squid version, but I am not certain of that.
>
> >
> > Or maybe squidguard doesn't let do it ?
> >
>
> squidguard does not have anything to do with the logging issue.
>
> It likely does have something to do with those being 503 though. It is
> responsible for telling Squid what URL to send the upstream server - and
> a CONNECT tunnel has no such URL, squidguard cannot handle that.
>
>
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Exclude dstdomain in access.log file

2020-01-02 Thread Amos Jeffries 
On 3/01/20 7:09 am, Roberto Carna wrote:
> Dear Amos, I have this log entries that I want to disable:
> 
> 1577988384.248      0 10.88.1.112 TAG_NONE/503 0 CONNECT
> hangouts.google.com:443  fchop HIER_NONE/- -
> 1577988384.435      0 10.88.1.31 TAG_NONE/503 0 CONNECT
> hangouts.google.com:443  ccardiff
> HIER_NONE/- -
> 1577988384.659      0 10.88.1.26 TAG_NONE/503 0 CONNECT
> hangouts.google.com:443  mtowers
> HIER_NONE/- -
> 1577988385.069      3 10.88.1.13 TAG_NONE/503 0 CONNECT
> hangouts.google.com:443  pmonkey
> HIER_NONE/- -
> 
> Is it possible doing that using "dstdomain" ???

It should be, but yes you have hit a bug. It may be fixed in the latest
Squid version, but I am not certain of that.

> 
> Or maybe squidguard doesn't let do it ?
> 

squidguard does not have anything to do with the logging issue.

It likely does have something to do with those being 503 though. It is
responsible for telling Squid what URL to send the upstream server - and
a CONNECT tunnel has no such URL, squidguard cannot handle that.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Exclude dstdomain in access.log file

2020-01-02 Thread Roberto Carna 
Dear Amos, I have this log entries that I want to disable:

1577988384.248  0 10.88.1.112 TAG_NONE/503 0 CONNECT
hangouts.google.com:443 fchop HIER_NONE/- -
1577988384.435  0 10.88.1.31 TAG_NONE/503 0 CONNECT
hangouts.google.com:443 ccardiff HIER_NONE/- -
1577988384.659  0 10.88.1.26 TAG_NONE/503 0 CONNECT
hangouts.google.com:443 mtowers HIER_NONE/- -
1577988385.069  3 10.88.1.13 TAG_NONE/503 0 CONNECT
hangouts.google.com:443 pmonkey HIER_NONE/- -

Is it possible doing that using "dstdomain" ???

Or maybe squidguard doesn't let do it ?

Thanks a lot again !!!

El jue., 2 ene. 2020 a las 2:55, Amos Jeffries ()
escribió:

> On 2/01/20 10:14 am, Roberto Carna wrote:
> >
> > Please can you tell me what I can do in order to deny logs from
> > hangouts.google.com  ???
>
> Which of the several FQDN entries in the logs are you seeing it appear?
>
> dstdomain only relates to the URL domain.
>
>
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Exclude dstdomain in access.log file

2020-01-01 Thread Amos Jeffries 
On 2/01/20 10:14 am, Roberto Carna wrote:
> 
> Please can you tell me what I can do in order to deny logs from
> hangouts.google.com  ???

Which of the several FQDN entries in the logs are you seeing it appear?

dstdomain only relates to the URL domain.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Exclude dstdomain in access.log file

2020-01-01 Thread Vacheslav 
well ufdbguard is better, it's about time to upgrade..
On Wed, 2020-01-01 at 18:14 -0300, Roberto Carna wrote:
> Hi people, I have Debian 9 + Squid 3.5.23.
> 
> I'm using squidguard to filter domains and URL's, so in
> /etc/squid/squid.conf I have:
> 
> url_rewrite_program /usr/bin/squidGuard -c
> /etc/squidguard/squidGuard.conf
> 
> I must exclude "hangouts.google.com" domain in
> /var/log/squid/access.log file.
> 
> So firstly I edited in my /etc/squid/squid.conf file:
> 
> acl exclude dstdomain hangouts.google.com
> access_log none exclude
> access_log /var/log/squid/access.log squid
> 
> But it didn't work, when I executed "tail -f
> /var/log/squid/access.log" I could see logs from hangouts.google.com.
> 
> After that I edited again my /etc/squid/squid.conf file:
> 
> acl exclude dstdomain hangouts.google.com
> access_log /var/log/squid/access.log squid !exclude
> 
> But it didn't work again.
> 
> Please can you tell me what I can do in order to deny logs from
> hangouts.google.com ???
> 
> Thanks a lot, greetings !!!
> 
> Robert
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users