SOLUTION: Squid3 - Exclude IP/IP-RANGE from access.log



  • Hi Guys
    I have asked this and never got an answer:
    How do I exclude an IP from being logged to access.log file?

    kind regards
    cyber7 (aka Aubrey Kloppers; Cape Town; South Africa)



  • I don't think it's possible to stop the logging selectively like that.



  • Retracted!  Does not work :(

    Hi KOM
    Sorry to prove you wrong, but I found it:
    (without screenshots  ;D )

    • Service/Proxy Server/General Settings
    • Custom Settings/Custom ACLS (Before_Auth) - Add the following rule:
        acl EXCLUDE src 10.0.0.10-10.0.0.11/32
        access_log none EXCLUDE
    • Save/Apply/Restart

    Works like a charm.  The ACL could also be something like "acl EXCLUDE src 10.0.0.10/32" for a single acl.  I found the mask to be important in Squid3.

    This needs to go into the wiki, but I still did not get a username/password as requested  :(

    cyber7-out (aka Aubrey Kloppers, Cape Town, South Africa)



  • I did, however, find a fix.  I am still testing if the logfiles will rotate as specified, but the following 'fix' does work.

    • Un-select "Enable Logging" in "Services/Proxy Server/Logging Settings"

    • Add the following lines at the END of your "Services/Proxy Server/Custom ACLS (Before_Auth)"

    • acl ACLNAME src 10.0.0.10-10.0.0.11/32
      logfile_rotate 3650
      debug_options rotate=3650
      access_log /var/squid/log/access.log squid !ACLNAME

    • Save and restart

    I wrote about this quite a while ago in topic https://forum.pfsense.org/index.php?topic=92707.0, but no-one seemed to have taken heed.  Do I need to log a bug for this?

    cyber7-out (aka Aubrey Kloppers, Cape Town, South Africa)
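
Added example (not part of the original posts, and not pfSense or Squid project code): a small auditor that reads the `acl ... src` and `access_log` lines from the post above and reports which client addresses no log records, so the resulting logging gap can be checked and documented. It goes slightly beyond the post by also handling `access_log none`; it assumes IPv4 `src` ACLs only and that a matching `none` line ends evaluation, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample: the directives from the post above, as they would sit in squid.conf.
SAMPLE_CONF = """\
acl ACLNAME src 10.0.0.10-10.0.0.11/32
logfile_rotate 3650
access_log /var/squid/log/access.log squid !ACLNAME
"""

def parse_src(spec):
    """Return (low, high) integer bounds for a 'src' value: ip, ip/mask or ip-ip/mask."""
    addrs, _, mask = spec.partition("/")
    first, _, last = addrs.partition("-")
    prefix = mask or "32"
    lo = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
    hi = ipaddress.ip_network(f"{last or first}/{prefix}", strict=False)
    return int(lo.network_address), int(hi.broadcast_address)

def parse_conf(text):
    """Collect src ACLs and access_log rules (destination, ACL names) in file order."""
    acls, rules = {}, []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(parse_src(s) for s in tok[3:])
        elif len(tok) >= 2 and tok[0] == "access_log":
            # "none" takes only ACL names; other destinations take a logformat name first.
            names = tok[2:] if tok[1] == "none" else tok[3:]
            rules.append((tok[1], names))
    return acls, rules

def log_destinations(text, client_ip):
    """List the access_log destinations that would record a request from client_ip."""
    acls, rules = parse_conf(text)
    ip = int(ipaddress.ip_address(client_ip))
    def matches(name):
        negate, name = name.startswith("!"), name.lstrip("!")
        hit = any(lo <= ip <= hi for lo, hi in acls.get(name, []))  # only src ACLs modelled
        return hit != negate
    dests = []
    for dest, names in rules:
        if all(matches(n) for n in names):   # ACLs on one line are ANDed
            if dest == "none":               # assumption: a matching "none" ends evaluation
                break
            dests.append(dest)
    return dests

def unlogged(text, client_ips):
    """Return the clients that no access_log line records."""
    return [ip for ip in client_ips if not log_destinations(text, ip)]
```
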



  • @KOM:

    Yeah, what's up with this?  You do realize that the vast majority of us aren't ESF staff here, right?  That we're just normal users who try to help others for free out of our spare time?

    Easy to understand.  Read the entire mail and you will see that:
    1. http://www.squid-cache.org/Doc/config/access_log/ states clearly the function to disable logging of Aliases.
    2. The question was asked and never answered in April 2015.
    3. As far as I understand from squid.org, this function was written out (broken) the Squid3 compile by pfSense.
    4. 171 Views later on the April 2015 topic (+74 on the current one) and no confirmation, no guide from the ESF staff, nothing…

    Tested on a native installation of squid3 the function talked about was ACTIVE.  Do you understand now that the compilers of squid3 need to fix this and sooner rather than later?

    As a closing point:  I understand the vast majority users are not staff, not being paid, not making money and not getting anything in return.  As a matter of fact, in addition to being one of these people, I also work in a NPO (check my credentials all over the net), have a passion for anything Linux and write a lot of technical guidelines for novice users.  NOT because I make money, but for the passion of the subjects.  I also have an 'other' life besides my on-line persona, so IF I ask a question, a valid question, a question asked so many times that the vast majority of the hits on my blog over the last 2 days is because of this question, I expect an answer.  Even if it is a "No we will not compile the function we broke into our release because we do not feel like it...", I can accept.  But silence is just a slap in the face.

    I will now get off my chair and say the comment I made on my blog was not directed to you, the forum nor the users, but to the person that can fix this by adding/replacing/fixing the compile of squid3 and not ignoring the "fix" that took me more than a week to realize...

    cyber7-out

    As a PS:

    A bug was reported for EXACTLY this 5 months ago!
    https://redmine.pfsense.org/issues/4461



  • You have a fundamental misunderstanding of how these forums work.  Nobody here is obligated to help you, including ESF staff, despite how entitled you may feel.  They drop by and will sometimes offer assistance, but if you expect answers then perhaps you should purchase support.  Otherwise, understand that we are all volunteers here.  If nobody answers your question, that means that nobody has an answer or the right pair of eyes didn't see it.  If you demand an answer, call ESF and pay for it.  The squid package in particular is not maintained nor officially supported by ESF, but by a forum volunteer, again for free in his spare time.  If you can do better, perhaps you could take on that project?



  • @KOM
    So, if I understand you correctly, if:
    (1) issue was reported that needed attention and
    (2) a full work-up with a solution was posted and
    (3) a full report with all the findings was posted
    but nothing gets done, I (and other users of pfSense) have no other way fixing the error, but fixing the problem themselves?

    That said, IF YOU TOOK THE TIME to read the redmine issue report, you will find this actually a huge problem with massive repercussions and huge security issues.  The lack of your ability to grasp the seriousness of the problem and your previous comments shows that you are actually not vested in a solution.

    cyber7-out


  • Listen. Beyond what KOM already said:

    1/ No one wants to touch packages due to PBI shit. Massive waste of volunteer time. Especially with huge complex packages like this.
    2/ If you want work done, perhaps at least submit a pull request on GitHub, instead of rants.

    Finally, a personal rant from myself. This goddamn Squid thing abused by everyone with a hole in their ass for no good reason is about the most massive source of collateral damage on pfSense. Things like the SSL bump are a massive clusterfuck/brainfart and indeed a "huge security issue"… Unlike your ACLs. If the whole thing died altogether, I'd feel no remorse.



  • WOW…  :o