The Squid proxy comes with prepackaged logging formats like these:
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
Unfortunately the %ru parameter strips off any HTTP GET parameters (the query string) that may have been present in the request. Changing it to %rp fixes that, but strips off the host part of the URL as a result!
One solution to that was to extract the Host header from the raw request headers >h (the %{Host}>h portion), and to replace %ru with %rp:
logformat mynewcombinedformat %>a %ui %un [%tl] "%rm %{Host}>h %rp HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
Somewhat better now, but it still does not show the port being CONNECTed to (for example hostname:443 for SSL connections), as that is only shown as part of the %ru parameter… -_-
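As an added example (not code from the post), here is a small Python parser for the mynewcombinedformat lines above. It rebuilds the full request URL, query string included, from the logged Host header and %rp path, and can flag requests that carry a named parameter (a session id, say) in the query. The sample lines are constructed, and the http scheme is an assumption explained in the comments.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches the post's custom "mynewcombinedformat" logformat:
#   %>a %ui %un [%tl] "%rm %{Host}>h %rp HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<host>\S+) (?P<path>\S+) HTTP/(?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" '
    r'(?P<squid_status>[^:\s]+):(?P<hier>\S+)$'
)

# Constructed sample lines (not real traffic). The "-" in the CONNECT line's
# %rp slot is a placeholder; what Squid prints there is not covered by the post.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0800] "GET www.example.com /search?q=squid&sessionid=abc123 HTTP/1.1" 200 5123 "http://www.example.com/" "Mozilla/5.0" TCP_MISS:HIER_DIRECT
192.0.2.11 - - [10/Oct/2023:13:56:01 +0800] "CONNECT www.example.net - HTTP/1.1" 200 0 "-" "Mozilla/5.0" TCP_TUNNEL:HIER_DIRECT
"""

def parse_line(line):
    """Parse one log line into a dict; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    if rec["method"] == "CONNECT":
        # Tunnel endpoint: the port is not in this format (the post's complaint),
        # so only the Host header value survives and there is no URL to rebuild.
        rec["url"], rec["query"] = None, {}
    else:
        # The scheme is not logged either. Assumption: a forward proxy sees
        # plain HTTP requests in full (HTTPS arrives as CONNECT), so use http.
        rec["url"] = "http://%s%s" % (rec["host"], rec["path"])
        rec["query"] = parse_qs(urlsplit(rec["url"]).query)
    return rec

def find_query_param(lines, names):
    """Return (client, url) for requests whose query string carries any of
    the named parameters, e.g. session ids or tokens leaked in GET URLs."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and names.intersection(rec["query"]):
            hits.append((rec["client"], rec["url"]))
    return hits
```

Running find_query_param(SAMPLE_LOG.splitlines(), {"sessionid"}) over the sample returns the GET line's client and full URL, which the stock %ru-based formats would have logged without its query string.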
If you wish to have a safe and private way to surf the internets while you’re at a public wifi hotspot, or somewhere like a hotel “free” network or whatnot, why not consider using a VPN + proxy + DNS resolver combination?
SecureMe is a project I started to try out and get some experience from running an operational combination like this, and I have been using it without many issues for the past quarter year to date.
I’m opening this as a service to people who’d like to make use of this service too, and for no minimum cost! I only ask for the following:
1. feedback/suggestions/complaints/compliments!
2. (if you’re feeling generous) donations to help me upkeep my server at least (I don’t intend to strike it rich with this anyway) 😀
If you wish to use this, email me at secureme{@T}rayfoo[dot]info to enquire on availability. Alternatively you could tweet or FB me…
I’ll support this as much as possible where time/resources permit, but for now I’d suggest that (at least) the slightly more technically inclined try this.
Have been using my VPN + proxy + dns resolver combination (or the so-called SecureMe project) for a while to date, and it has served me pretty well so far. I primarily use this at public wifi hotspots like Wireless@SG, where the network is not trusted. Of course this could be extended to apply in networks which aren’t necessarily private or trusted, which works very well for people running in paranoia mode (like me).
A short review on the different parts of this system so far…