Lightsquid ssl

  • Good day everyone,

    I am currently using squid for our proxy, and recently decided to use WPAD/PAC to also capture HTTPS traffic.  I am having one very annoying issue with lightsquid, and wondering if anybody has any insight.

    All my lightsquid information looks like the attached image.  It also does not consolidate the first part of the domain name(even this would be fine, so that I can differentiate HTTPS traffic, as long as subdomains are combined)

    I have been modifying my file to consolidate subdomains, however, this is only working for HTTP traffic, as all HTTPS sites are showing the port number like
    The code I am using is:
    $url =~ s/([a-z]+://)??..(google.)/$2/o;

    Has anybody found a way around this or even thought about this?  I was thinking of telling squid to not include the port, however, it seems to not be working.  Any other suggestions/thoughts?


    • Marc
      ![2016-03-28 10-20-41.png](/public/imported_attachments/1/2016-03-28 10-20-41.png)
      ![2016-03-28 10-20-41.png_thumb](/public/imported_attachments/1/2016-03-28 10-20-41.png_thumb)

  • Hi,

    i changed my to extract only the root domain.
    See the result in the attached image.

    $user=lc $Luser;
    	$user = Ip2Name($Lhost,$user,$Ltimestamp);
    	next if (defined $hSkipUser{$user});
    	#simplified some common banner system & counters
    	if ($url =~ /([^:]*:\/\/)?([^\/]*\.)*([^\/\.]+\.[^\/]+)/g) {
    	   ($site)= split /:/,$3; 
    	} else {
    	$site=$Lurl if ($site eq "");
    	$totalsize	  {$user}		+=$Lsize;
    	$totalhit	  {$user}		++;


Log in to reply