On 21/05/11 07:53, Alex Rousskov wrote:
> On 05/20/2011 12:16 AM, Amos Jeffries wrote:
>> On 20/05/11 04:00, Alex Rousskov wrote:
>>> Hello,
>>>
>>> %la logs the destination address of the HTTP client connection. For
>>> regular requests, this is the http_port address as promised by our
>>> squid.conf documentation quoted below. For intercepted requests, it
>>> appears to be the origin server address because that is where the
>>> connection was going.
>>>
>>>     <A  Server IP address or peer name
>>>     la  Local IP address (http_port)
>>>     lp  Local port number (http_port)
>>>
>>> Should we fix documentation (i.e., warn the admin that %la logs origin
>>> server addresses for intercepted requests) or implementation (i.e., log
>>> the actual local address used by Squid to intercept the request)?
>>
>> IMO. Implementation. With NAT there is no "local" IP:port. The more we
>> can make that clear the better.
>
> Sorry, the combination of "fix implementation" and "there is no local
> IP:port" confuses me. Do you mean that Squid should log a dash as a %la
> value for intercepted requests?

Yes exactly that.

> To clarify context, folks want to know which Squid and/or which Squid
> http_port handled the transaction. In my experience, that is the primary
> driver behind most %l* or "local" requests. Logging a dash for
> intercepted requests would not help these admins, but we can insist that
> that is the correct value and then suggest another way to distinguish
> Squid instances and/or http_ports.

When a box has 2 IPs NATing 4 subnets, which one is arriving at:
"http_port 1234 intercept".
The OS socket API gives us box primary IP (~50% wrong), fail, or the
client original destination.

> What do you think we should log for %la when the connection was
> intercepted by Squid?

"-" in most cases.
*If* there is an IP in the squid.conf details, that can be displayed.
Same limitations occur for %lp, but with the guarantee that the config
file at least always has a port number available.

Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1