Hello, we’re beginning to enable the Peek and Splice feature on Squid 3.5. Our ssl_bump configuration looks like below where we’re validating the request matches a domain in our allowed_sites file and then terminating the SSL connection if it does not.
This is all working well except for the fact that we don’t have a good way to determine what is being blocked. In the configuration below, the only log we get is when Squid connects to the external server to get the SSL certificate and that is usually a 200 response. If the domain does not match our allowed list the connection is then terminated and no additional log is written.
I know that we can see this in cache.log by enabling debugging (debug_options 28,4), but that’s a large amount of log data to try to process and report on and the structure of the log is not something that we can easily ingest into our logging platform. It would be great if we could get it into a JSON format similar to how we can with access_log.
Does anyone else have a solution for this and if not, is this something that has been requested as a feature in the past?
* If something is not logged in the latest v3, then please consider
upgrading to v4. Filing a bug report in Bugzilla (see below) for v3
might motivate somebody to backport the fixes, but if the bug is fixed
in v4, then upgrading may be an overall better option, especially if you
* If something is not logged in the latest v4 or v5, then please
consider filing a bug report in Bugzilla. Attaching an ALL,9 cache.log
while reproducing the issue using a single transaction on an otherwise
idle Squid will help developers triage your bug report.
P.S. You do not need the "step3" ACL in the configuration below.