Controlling log formats in Squid

The Squid proxy comes with prepackaged logging formats like these:

logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

Unfortunately the %ru parameter strips off any HTTP GET parameters that could have been found in the query. Changing it to %rp fixes that, but strips off the host part of the URL as a result!

One solution to that was to extract the Host header from the request headers (the %{Host}>h portion), and to replace %ru with %rp.

logformat mynewcombinedformat %>a %ui %un [%tl] "%rm %{Host}>h %rp HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

Somewhat better now, but it does not show the port being CONNECTed to (for example hostname:443 for SSL connections), as it is only shown as part of the %ru parameter… -_-
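A parser for lines written in mynewcombinedformat, as an added example that is not part of the original post: it rebuilds the request target from the Host header and %rp fields, splits out the GET parameters, and reports the destination port only when the Host header carried one. The function name, the sample lines and the field values shown for CONNECT are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Field order follows mynewcombinedformat from the post.
LINE_RE = re.compile(
    r'(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<host_hdr>\S+) (?P<path>\S+) HTTP/(?P<version>[^"]+)" '
    r'(?P<status>\d+) (?P<size>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<squid_status>[^:\s]+):(?P<hier>\S+)$'
)
# Splits "host" or "host:port"; a bracketed IPv6 literal stays in the host part.
HOST_RE = re.compile(r'^(?P<host>.*?)(?::(?P<port>\d+))?$')


def parse_line(line):
    """Return a dict for one log line, or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    hp = HOST_RE.match(rec["host_hdr"])
    rec["host"] = hp.group("host")
    # The port is only recoverable when the client put it in the Host header.
    rec["port"] = int(hp.group("port")) if hp.group("port") else None
    path = "" if rec["path"] == "-" else rec["path"]
    # %rp keeps the query string, so the GET parameters can be split out.
    rec["query"] = parse_qsl(path.partition("?")[2], keep_blank_values=True)
    if rec["method"] == "CONNECT":
        rec["target"] = rec["host_hdr"]  # tunnel request: no path to append
    else:
        rec["target"] = rec["host_hdr"] + path
    return rec


# Constructed sample lines (not captured Squid output); the Host and path
# values shown for the CONNECT entries are assumptions.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:10:15:02 +0800] "GET example.com '
    '/search?q=test&page=2 HTTP/1.1" 200 5120 "-" "curl/8.0" TCP_MISS:HIER_DIRECT',
    '192.0.2.10 - - [12/Mar/2024:10:15:09 +0800] "CONNECT example.com - HTTP/1.1" '
    '200 3912 "-" "curl/8.0" TCP_TUNNEL:HIER_DIRECT',
    '192.0.2.11 - - [12/Mar/2024:10:16:40 +0800] "CONNECT example.org:8443 - HTTP/1.1" '
    '200 880 "-" "curl/8.0" TCP_TUNNEL:HIER_DIRECT',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        r = parse_line(entry)
        print(r["method"], r["target"], r["port"], r["query"])
```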

SecureMe so far…

Have been using my VPN + proxy + dns resolver combination (or the so-called SecureMe project) for a while to date, and it has served me pretty well so far. I primarily use this at public wifi hotspots like Wireless@SG, where the network is not trusted. Of course this could be extended to apply in networks which aren’t necessarily private or trusted, which works very well for people running in paranoia mode (like me).

A short review on the different parts of this system so far…

