Debugging squid proxy access log - TAG_NONE/200


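We are using Squid as a transparent proxy (Squid Cache: Version 3.5.28, Service Name: squid). The issue seems similar to "Squid SSL bump TAG_NONE / HEIR_NONE", but my access logs are slightly different.

We have an EC2 instance running Java8 and an application that talks to GCP over the internet. This application seems to be able to consume data from other sources successfully, but it is unable to publish to a Google PubSub account. Publishing via curl seems to be fine.

Following is what we see in the access log,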

```
{"event":"2019-08-28 10:14:53 +1000.140 106 10.xxx TAG_NONE/200 0 CONNECT 172.217.167.106:443 - ORIGINAL_DST/172.217.167.106 - peek pubsub.googleapis.com","source_name":"/var/log/squid/access.log"}
```

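Note that other Java-based applications publish to GCP through the same proxy nodes without any issue, and in that case I can see TCP_TUNNEL/200.

Any idea what the above access log actually means?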

Squid configuration is as follows,

```
#
# FILE MANAGED BY PUPPET - Module squid
# Adapted from the RedHat recommended minimum configuration.
#
visible_hostname devproxy-hostname.local

acl to_linklocal dst 169.254.0.0/16 fe80::/10


# Source networks that are allowed to use this proxy
acl localnet src 10.x.x.x/16

# Destination ports that are allowed to be proxied (not CONNECT method)
acl allow_proxy_port port 22
acl allow_proxy_port port 25
acl allow_proxy_port port 443
acl allow_proxy_port port 465
acl allow_proxy_port port 80

# Destination ports that are allowed to be proxied via the CONNECT method
acl allow_connect_port port 22
acl allow_connect_port port 25
acl allow_connect_port port 443
acl allow_connect_port port 465
acl CONNECT method CONNECT

# DON'T SEND AN ERROR MESSAGE BACK FROM SQUID WHEN THE SSL CERTIFICATE
# IS NOT VALID
sslproxy_flags DONT_VERIFY_PEER

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow manager

# Deny requests to certain unsafe ports
http_access deny !allow_proxy_port

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !allow_connect_port

# Deny access to localhost & link-local addresses
http_access deny to_localhost
http_access deny to_linklocal

acl explicit_http myportname 3128
acl transparent_http myportname 3129
acl transparent_https myportname 3130

# Allow access from clients within the IP ranges defined in localnet
# and the localhost itself for the explicit proxy
http_access allow localnet explicit_http
http_access allow localhost explicit_http

# Allow access from clients within the IP ranges defined in localnet
# and the localhost itself for the transparent proxy
http_access allow localnet transparent_http
http_access allow localhost transparent_http

# No whitelist here as it's taken care of during the peek and splice below
http_access allow localnet transparent_https
http_access allow localhost transparent_https

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 intercept
https_port 3130 ssl-bump intercept cert=/etc/squid/squid.crt key=/etc/squid/squid.key generate-host-certificates=on

# Disable any caching
cache deny all

acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

# Double peek required to get around an issue with https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery
# as the DNS is looked up again and has a possibility that the IP has changed
ssl_bump peek step1 all
ssl_bump peek step2 all
ssl_bump splice step3 all

# Disable via and x-forwarded-for headers
via off
forwarded_for delete


max_filedescriptors 2048

workers 1

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:     1440  20% 10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .          0    20% 4320

# Change epoch time to human readable time format - Squid 3.5
# Example: 1447998880.602 to 2015-11-20 16:57:40 +1100.107
logformat squid      %{%Y-%m-%d %H:%M:%S %z}tl.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::bump_mode %ssl::>sni
access_log /var/log/squid/access.log squid

logfile_rotate 0
```

Thanks
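Added example, not part of the original post: a small Python triage script that splits lines written in the `logformat` shown in the configuration above into named fields, then lists the client/SNI pairs whose CONNECT entries never reach `TCP_TUNNEL`, the status the post reports for the working applications. The sample lines, client addresses and function names are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Field order follows the logformat line in the posted configuration:
# %tl.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::bump_mode %ssl::>sni
LINE_RE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\.(?P<ms>\d{3})\s+"
    r"(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<squid_status>[A-Z_]+)/(?P<http_status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<server>\S+)\s+(?P<mime>\S+)\s+"
    r"(?P<bump_mode>\S+)\s+(?P<sni>\S+)$"
)

def parse_event(raw):
    """Unwrap the JSON envelope and split the Squid line into named fields."""
    try:
        line = json.loads(raw)["event"]
    except (json.JSONDecodeError, KeyError, TypeError):
        return None  # not a shipped access.log record
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def never_tunnelled(raw_lines):
    """Return sorted (client, sni) pairs with CONNECT entries but no TCP_TUNNEL."""
    seen = defaultdict(set)
    for raw in raw_lines:
        rec = parse_event(raw)
        if rec and rec["method"] == "CONNECT":
            seen[(rec["client"], rec["sni"])].add(rec["squid_status"])
    return sorted(key for key, tags in seen.items() if "TCP_TUNNEL" not in tags)

# Constructed sample: 10.0.0.5 only ever shows the peek entry from the post,
# 10.0.0.6 shows a peek entry followed by a spliced tunnel.
SAMPLE = [
    '{"event":"2019-08-28 10:14:53 +1000.140 106 10.0.0.5 TAG_NONE/200 0 CONNECT 172.217.167.106:443 - ORIGINAL_DST/172.217.167.106 - peek pubsub.googleapis.com","source_name":"/var/log/squid/access.log"}',
    '{"event":"2019-08-28 10:15:01 +1000.020 98 10.0.0.6 TAG_NONE/200 0 CONNECT 172.217.167.106:443 - ORIGINAL_DST/172.217.167.106 - peek pubsub.googleapis.com","source_name":"/var/log/squid/access.log"}',
    '{"event":"2019-08-28 10:15:02 +1000.512 840 10.0.0.6 TCP_TUNNEL/200 5120 CONNECT 172.217.167.106:443 - ORIGINAL_DST/172.217.167.106 - splice pubsub.googleapis.com","source_name":"/var/log/squid/access.log"}',
]

if __name__ == "__main__":
    for client, sni in never_tunnelled(SAMPLE):
        print(f"{client} -> {sni}: CONNECT seen, no TCP_TUNNEL entry")
```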
