Thank you Amos, it works.
I just forgot that in the xxx_access directives the ACLs are ANDed !
Ciao!
-- Francis GASCHET / NUMLOG http://www.numlog.fr Tel.: +33 (0) 130 791 616 Fax.: +33 (0) 130 819 286 Le 12/22/2010 02:23 PM Amos Jeffries a écrit : > On 22/12/10 22:34, Francis GASCHET wrote: >> Hello, >> >> We recently had to upgrade a proxy server from Debian 4 to Debian 5 and >> installed Squid 2.7 : >> #squid -v >> Squid Cache: Version 2.7.STABLE3 >> configure options: '--prefix=/usr' '--exec_prefix=/usr' >> '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' >> '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' >> '--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads' >> '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter' >> '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' >> '--enable-snmp' '--enable-delay-pools' '--enable-htcp' >> '--enable-cache-digests' '--enable-underscores' '--enable-referer-log' >> '--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate' >> '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp' >> '--enable-follow-x-forwarded-for' '--with-large-files' >> '--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux' >> 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' >> 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS=' >> >> >> With Squid 2.6 we used multiple access_log directives, based on >> different ACLs and it worked fine. >> Since we installed the 2.7 version it looks broken : as soon as I put an >> ACL, requests are no more logged. I tried with and without the module: >> same result. i tried also the 2 syntaxes for net mask... >> access_log stdio:/var/log/squid/access.log squid : this is OK (if >> log_access is not defined) >> access_log stdio:/var/log/squid/access.log squid NORD : this doesn't >> work. Indeed the ACL NORD is declared and listed in log_access. No error >> when I reload the configuration. >> >> >> Thereafter is the configuration I would like to get running: >> acl SUD src 192.168.3.0/24 192.168.192.0/24 >> acl NORD src 192.168.5.0/24 192.168.82.0/24 >> acl NML src 1.1.1.1/255.255.255.255 >> access_log stdio:/var/log/squid/sud.log squid SUD >> access_log stdio:/var/log/squid/access.log squid NORD >> access_log stdio:/var/log/squid/access.log squid NML >> log_access allow SUD NORD NML > > The log_access line tells Squid to only log when the src IP is in all > three of the non-overlapping ranges. > > You need to write it: > log_access allow SUD > log_access allow NORD > log_access allow NML > log_access deny all > > > AmosReceived on Wed Dec 22 2010 - 17:11:46 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 22 2010 - 12:00:03 MST