pfSense 2.4.5-RELEASE-p1, squid 0.4.44_35, no fqdn on access.log with transparent proxy


  • Hello friends.

    I just installed this pfSense 2.4.5-RELEASE-p1 and squid 0.4.44_35. But in the access.log file it does not show the FQDN for https connections, only for http connections.

    This is a sample from my access.log file:

    1608685206.525   1007 10.0.0.100 TCP_TUNNEL/200 4448 CONNECT 185.117.134.129:443 - ORIGINAL_DST/185.117.134.129 -
    1608685207.415    874 10.0.0.100 TCP_TUNNEL/200 4602 CONNECT 185.117.134.18:443 - ORIGINAL_DST/185.117.134.18 -
    1608685208.363    933 10.0.0.100 TCP_TUNNEL/200 4380 CONNECT 185.117.134.17:443 - ORIGINAL_DST/185.117.134.17 -
    1608685265.197 508732 10.0.0.100 TCP_TUNNEL/200 4605 CONNECT 52.179.224.121:443 - ORIGINAL_DST/52.179.224.121 -
    1608685266.161    135 10.0.0.100 TCP_MISS/304 413 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b200325a2c6bc2b9 - ORIGINAL_DST/192.16.48.200 -
    1608685266.210     41 10.0.0.100 TCP_MISS/304 415 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?689d8c3e7f1f1110 - ORIGINAL_DST/192.16.48.200 -
    1608685266.264     46 10.0.0.100 TCP_MISS/304 452 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?41a2088190782a1f - ORIGINAL_DST/192.16.48.200 -
    1608685291.506 170365 10.0.0.100 TCP_TUNNEL/200 4017 CONNECT 104.18.26.20:443 - ORIGINAL_DST/104.18.26.20 -
    1608685303.514 173631 10.0.0.100 TCP_TUNNEL/200 3719 CONNECT 172.217.30.14:443 - ORIGINAL_DST/172.217.30.14 -
    1608685305.536 170382 10.0.0.100 TCP_TUNNEL/200 3608 CONNECT 64.233.190.155:443 - ORIGINAL_DST/64.233.190.155 -
    1608685306.552 171121 10.0.0.100 TCP_TUNNEL/200 4223 CONNECT 172.217.29.36:443 - ORIGINAL_DST/172.217.29.36 -
    

    I just checked "Enable Access Logging" and in 'Custom Options (Before Auth)' I put these options:

    strip_query_terms off
    logformat combined
    

    As you can see, all https connections show the web page IP instead of the FQDN.

    But if I set https_proxy in my browser, the FQDN shows correctly in access.log.

    Does anyone know how to make access.log file write the FQDN or full url for https connections in transparent mode?
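
As an added illustration (not part of the original post, and not pfSense or Squid project code): a small Python script that parses native-format access.log lines like the sample above and counts, per client, how many CONNECT tunnels were logged with only a destination IP versus a hostname. The sample input is constructed, modelled on the lines in the post, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in Squid's native access.log format, modelled on the post.
SAMPLE = """\
1608685206.525   1007 10.0.0.100 TCP_TUNNEL/200 4448 CONNECT 185.117.134.129:443 - ORIGINAL_DST/185.117.134.129 -
1608685266.161    135 10.0.0.100 TCP_MISS/304 413 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab - ORIGINAL_DST/192.16.48.200 -
1608685300.000    900 10.0.0.101 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1608685301.000    120 10.0.0.101 TCP_TUNNEL/200 2048 CONNECT [2001:db8::1]:443 - ORIGINAL_DST/2001:db8::1 -
"""

def parse_line(line):
    """Split one native-format line into the fields used below; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    return {"ts": float(f[0]), "client": f[2], "result": f[3],
            "method": f[5], "url": f[6], "peer": f[8]}

def connect_host(url):
    """Return the host part of a CONNECT target such as 'host:443' or '[v6]:443'."""
    host = url.rsplit(":", 1)[0]
    return host.strip("[]")

def is_ip(host):
    """True when the logged destination is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def summarize(text):
    """Count, per client, CONNECT tunnels logged by IP only vs. by hostname."""
    stats = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue  # plain HTTP requests already carry the hostname in the URL
        kind = "ip_only" if is_ip(connect_host(rec["url"])) else "hostname"
        stats[(rec["client"], kind)] += 1
    return stats

if __name__ == "__main__":
    for (client, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{client:15} {kind:9} {n}")
```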