Netgate Discussion Forum

    pfSense 2.4.5-RELEASE-p1, squid 0.4.44_35, no fqdn on access.log with transparent proxy

      nathanielmorais

      Hello friends.

      I just installed pfSense 2.4.5-RELEASE-p1 and squid 0.4.44_35, but the access.log file does not show the FQDN for https connections, only for http connections.

      This is a sample from my access.log file:

      1608685206.525   1007 10.0.0.100 TCP_TUNNEL/200 4448 CONNECT 185.117.134.129:443 - ORIGINAL_DST/185.117.134.129 -
      1608685207.415    874 10.0.0.100 TCP_TUNNEL/200 4602 CONNECT 185.117.134.18:443 - ORIGINAL_DST/185.117.134.18 -
      1608685208.363    933 10.0.0.100 TCP_TUNNEL/200 4380 CONNECT 185.117.134.17:443 - ORIGINAL_DST/185.117.134.17 -
      1608685265.197 508732 10.0.0.100 TCP_TUNNEL/200 4605 CONNECT 52.179.224.121:443 - ORIGINAL_DST/52.179.224.121 -
      1608685266.161    135 10.0.0.100 TCP_MISS/304 413 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b200325a2c6bc2b9 - ORIGINAL_DST/192.16.48.200 -
      1608685266.210     41 10.0.0.100 TCP_MISS/304 415 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?689d8c3e7f1f1110 - ORIGINAL_DST/192.16.48.200 -
      1608685266.264     46 10.0.0.100 TCP_MISS/304 452 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?41a2088190782a1f - ORIGINAL_DST/192.16.48.200 -
      1608685291.506 170365 10.0.0.100 TCP_TUNNEL/200 4017 CONNECT 104.18.26.20:443 - ORIGINAL_DST/104.18.26.20 -
      1608685303.514 173631 10.0.0.100 TCP_TUNNEL/200 3719 CONNECT 172.217.30.14:443 - ORIGINAL_DST/172.217.30.14 -
      1608685305.536 170382 10.0.0.100 TCP_TUNNEL/200 3608 CONNECT 64.233.190.155:443 - ORIGINAL_DST/64.233.190.155 -
      1608685306.552 171121 10.0.0.100 TCP_TUNNEL/200 4223 CONNECT 172.217.29.36:443 - ORIGINAL_DST/172.217.29.36 -
      

      I just checked "Enable Access Logging" and in 'Custom Options (Before Auth)' I put these options:

      strip_query_terms off
      logformat combined
      

      As you can see, all https connections show the web page IP instead of the FQDN.

      But if I set https_proxy in my browser, the FQDN shows correctly in access.log.

      Does anyone know how to make access.log file write the FQDN or full url for https connections in transparent mode?

        DaddyGo @nathanielmorais

        @nathanielmorais said in pfSense 2.4.5-RELEASE-p1, squid 0.4.44_35, no fqdn on access.log with transparent proxy:

        Does anyone know how to make access.log file write the FQDN or full url for https connections

        Hi,

        these will help, if you read and interpret them in a row:

        1. https://forum.netgate.com/topic/96970/solved-where-to-configure-squid-log-format-please/2
        2. http://www.squid-cache.org/Doc/config/logformat/
        3. (Linux, but it's true): https://www.linuxquestions.org/questions/linux-software-2/log_fqdn-on-and-logformat-aren%27t-included-in-the-conf-file-4175507004/

        I draw your attention to this: 😉

        [image]

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)
