
#166 Blocked sites are shown in siteuser report

v1.0_(example)
open
nobody
5
2015-11-01
2015-10-06
No

Hello!
I noticed that blocked sites are shown in siteuser report.
The sites are blocked by squidguard. When I try to access a blocked site, squid writes to the log:

1444143397.968     22 192.168.178.100 TCP_MEM_HIT/200 1741 GET http://kproxy.com/ eyakushev@MYCOMPANY.RU NONE/- text/html

and redirects me to a webpage that contains information that the requested page is blocked and so on.
I don't use disk caching, but I guess that if a cached (allowed) webpage is taken from the cache on a user's request, the status code would be the same and the IN-CACHE column in the report would be non-zero.
OK, it's not right to skip webpages taken from cache and not to take them into account.

I tried to block in another way, by using an acl:

acl deny-fm-domain dstdomain .fm
http_access deny deny-fm-domain

And now when I try to access a blocked domain, I get squid's error webpage and squid writes to the log:

1444143584.705     14 192.168.178.100 TCP_DENIED/403 7062 GET http://radio.fm/ eyakushev@MYCOMPANY.RU NONE/- text/html

In both cases the siteuser report contains information that I visited both sites, but really it was not so.

Discussion

  • Frederic Marchal

    In the first case, is kbproxy.com the blocked site or the site to which you redirect the user when he or she accesses the blocked web site?

    Visited sites can be excluded from the report with exclude_hosts. The option names a file where you list every site to exclude from the report. Write one site per line. If kbproxy.com is the site where users are redirected, listing it in exclude_hosts will remove it from the reports.

    If, on the other hand, it is the blocked site, then it would not be practical to list every blocked site in exclude_hosts. But I have no solution to propose. The information that the web site was blocked is simply not available in the line.

    In the second case, TCP_DENIED/403 can be ignored too with the exclude_codes option. It also names a file where the HTTP codes to ignore are listed one per line. Write the codes exactly as they are spelled in the log file (e.g. TCP_DENIED/403).

     
  • Evgeniy Yakushev

    In the first case, kproxy.com is a blocked site. If I use a redirector, there is no way to see in access.log that access to this site was not granted. exclude_hosts is not applicable, because the redirector may be configured to consist of several files, differing by type of site content.

    In the second case, I don't want to exclude denied sites from the report. When I see a report of a particular user, I see all his visited and denied websites, but denied sites are marked as DENIED in an extra column:

    https://drive.google.com/open?id=0B-EqX7fFAVfpZFo4UVVvWnhfSXc

    The main idea is that these denied sites are shown in the site_user report, but the user did not have access to them.

    I propose not to add these denied sites to the site_user report and to filter them by the 403 status code returned by squid.
    But maybe it is not possible (or too complicated) to do the same for the first case.

    Did I make myself clear? )

     

    Last edit: Evgeniy Yakushev 2015-11-01
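
Added example, not from the ticket or from SARG's own code: the filtering proposed above, applied to the two access.log lines quoted in the ticket plus one constructed allowed request. The function names and the third log line are assumptions; the result also shows why the squidGuard case stays among the visited sites, since its line carries a 200 status.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the two access.log lines quoted in the ticket, plus one
# ordinary allowed request (the third line is made up for this example).
SAMPLE_LOG = """\
1444143397.968     22 192.168.178.100 TCP_MEM_HIT/200 1741 GET http://kproxy.com/ eyakushev@MYCOMPANY.RU NONE/- text/html
1444143584.705     14 192.168.178.100 TCP_DENIED/403 7062 GET http://radio.fm/ eyakushev@MYCOMPANY.RU NONE/- text/html
1444143601.120     87 192.168.178.100 TCP_MISS/200 5120 GET http://example.org/ eyakushev@MYCOMPANY.RU HIER_DIRECT/203.0.113.10 text/html
"""


def parse_line(line):
    """Split one native-format squid access.log line into the fields used here."""
    parts = line.split()
    if len(parts) < 10:
        return None  # truncated or non-native line: skip it
    code, url, user = parts[3], parts[6], parts[7]
    # CONNECT requests log "host:port" instead of a full URL.
    host = urlsplit(url).hostname or url.split(":")[0]
    return {"code": code, "host": host, "user": user}


def site_users(log_text, denied_codes=("TCP_DENIED/403",)):
    """Return (visited, denied): site -> set of users, split on the result code.

    Codes are compared exactly as they are spelled in the log, the same
    convention the exclude_codes file uses.
    """
    visited, denied = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        bucket = denied if rec["code"] in denied_codes else visited
        bucket[rec["host"]].add(rec["user"])
    return dict(visited), dict(denied)


if __name__ == "__main__":
    visited, denied = site_users(SAMPLE_LOG)
    # radio.fm is separated out by its TCP_DENIED/403 code. kproxy.com, blocked
    # by the redirector, is logged with a 200 status and stays in "visited":
    # nothing in that line says the request was redirected to a block page.
    print("visited:", sorted(visited))
    print("denied: ", sorted(denied))
```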
