Is Squid logging this properly?
A user requests www.not-allowed-here.com. Squid sends the request
to a redirector. The redirector responds with the url to blocked.cgi
which explains to the user why the request was blocked. Squid makes
an entry to access.log that contains the not-allowed-here.com url,
the byte count of the blocked.cgi page, and 'TCP_MISS/403'.
The 403 is the correct choice, but why doesn't Squid use
'TCP_DENIED/403' instead? The definition of '403' is Forbidden, aka
denied. Squid uses 'TCP_DENIED' when it blocks based upon one of its
acls, and at least one reporting program (SARG) keys on the
'TCP_DENIED' to recognize blocked attempts.
Is there a good reason why Squid shouldn't log TCP_DENIED/403 for
standard redirects? It would correct a big flaw in reporting. And
the option is always there for the redirect program to use '301:' or
'302:' if necessary, thus bypassing the 'TCP_DENIED/403' status.
If there is a downside to this I don't see it.
Rick Matthews
Received on Thu Oct 31 2002 - 22:32:34 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:57 MST