(proxy) add option to ignore subnets from getting into the access log (…

…#287)
opnsense · Jul 29, 2015 · c51ac45 · c51ac45
1 parent 790586b
commit c51ac45
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -30,6 +30,17 @@
                 <help><![CDATA[Enable store logging.]]></help>
                 <advanced>true</advanced>
             </field>
+            <field>
+                <id>proxy.general.logging.ignoreLogACL</id>
+                <label>Ignore hosts in access.log</label>
+                <type>select_multiple</type>
+                <style>tokenize</style>
+                <help>
+                    <![CDATA[Type subnets/addresses you want to ignore for the access.log <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
+                <hint>Type subnet adresses (ex. 192.168.2.0/24)</hint>
+                <allownew>true</allownew>
+                <advanced>true</advanced>
+            </field>
             <field>
                 <id>proxy.general.alternateDNSservers</id>
                 <label>Use alternate DNS-servers</label>

diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@@ -26,6 +26,9 @@
                         <Required>Y</Required>
                     </storeLog>
                 </enable>
+                <ignoreLogACL type="CSVListField">
+                    <Required>N</Required>
+                </ignoreLogACL>
             </logging>
             <alternateDNSservers type="CSVListField">
                 <Required>N</Required>

diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -289,12 +289,18 @@ refresh_pattern .		0	20%	4320
 dns_v4_first on
 {%      endif %}
 {% endif %}
+
 {% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %}
 {%      if OPNsense.proxy.general.logging.enable.accessLog == '0' %}
 # Disable access logging
 access_log none
+{%      elif OPNsense.proxy.general.logging.ignoreLogACL|default('') != '' %}
+# ignore source hosts from access.log
+acl accesslog_ignore src {{ OPNsense.proxy.general.logging.ignoreLogACL.replace(',', ' ') }}
+access_log /var/log/squid/access.log squid !accesslog_ignore
 {%      endif %}
 {% endif %}
+
 {% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %}
 {%      if OPNsense.proxy.general.logging.enable.storeLog == '0' %}
 # Disable cache store log