[squid-users] Alternative ways of tracking users on unauthenticated proxy

Mr J Potter jpotter833 at because.org.uk
Tue May 26 12:07:27 UTC 2015


OK - got it working...

added the lines:

external_acl_type userlookup ttl=60 concurrency=1 %SRC /opt/squid354/libexec/ext_sql_session_acl -dsn DBI:mysql:database=pf --user root --password xxx --table currentUsers --uidcol ip --usercol uid --tagcol ip --persist
acl userlookup external userlookup
http_access allow localnet userlookup
http_access allow localnet

Now I get this in my logfiles:
10.15.228.12 - 0001 [26/May/2015:12:56:23 +0100] "POST http://www.bing.com/fd/ls/lsp.aspx HTTP/1.1" 204 391 TCP_MISS:ORIGINAL_DST

I'll write all this up somewhere, as variations on what I have here are what
people are always asking for:
- Users log in via a web page, not a 407 popup box
- Authenticates to AD
- Users are filtered depending on who they are (via squidGuard)
- Logs activity against users
- Logs them all off at a particular time
- No proxy settings (intercept HTTP+HTTPS)


thanks,

Jim Potter
Network Manager
Oasis Brislington (formerly Brislington Enterprise College)

On 26 May 2015 at 11:39, Mr J Potter <jpotter833 at because.org.uk> wrote:

> Hi Amos,
>
> OK this looks promising (if not actually working...)
>
> So I have a config line:
> external_acl_type userlookup ttl=60 %SRC /opt/squid354/libexec/ext_sql_session_acl -dsn DBI:mysql:database=pf --user root --password xxxx --table currentUsers --uidcol ip --usercol uid --tagcol ip --persist --debug
>
> Where currentUsers looks like:
> mysql> select * from currentUsers;
> +------+--------------+---------+
> | uid  | ip           | enabled |
> +------+--------------+---------+
> | 0003 | 10.15.228.12 | 1       |
> +------+--------------+---------+
>
> so running this externally I use:
>
> /opt/squid354/libexec/ext_sql_session_acl -dsn DBI:mysql:database=pf
> --user root --password fv89j8j6eg2 --table currentUsers --uidcol ip
> --usercol uid --tagcol ip --debug
>
> this replies with a username if I put in:
> <anything> 10.15.228.12
>
> So what is the <anything> about? And I'm still not getting any username in
> my logfiles. Do I need to use the acl name somewhere else in the config
> file too?
>
> thanks,
>
> Jim Potter
> Network Manager
> Oasis Brislington (formerly Brislington Enterprise College)
>
> On 25 May 2015 at 12:07, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>> On 25/05/2015 8:38 p.m., Mr J Potter wrote:
>> > Hi all,
>> >
>> > I'm setting up a system for using iPads in our school, and I'm stuck a bit
>> > on tracking what the students are doing on them.
>> >
>> > First up, I really don't want a pop-up login box from a 407 response from a
>> > proxy server, so I'm looking for some other way to track who is doing what.
>> >
>> > What I have set up so far is PacketFence with an SSL-bump transparent proxy
>> > (I've put the CAs on all the iPads) which works well in that users have to
>> > log in before they get internet access. This works (they get a web page,
>> > log in and get 50 minutes of internet before it disconnects them), but the
>> > only way I have of tracking users is by working out who was on each iPad
>> > (from PacketFence) then matching it against squid logs, which is messy.
>>
>> Squid comes bundled with a ext_sql_session_acl helper that looks up a
>> database and produces OK/ERR (and username for logging) depending on
>> whether the key given to it exists in the DB already.
>> <http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html>
>>
>> You just need to get an UID metric. IP address, MAC address, and/or
>> EUI-64 (IPv6 link-local) are suitable there. It sounds like your
>> packetfence would be a good way to populate that DB too.
>>
>> >
>> > One plan I had would be to add/remove entries in dns or hosts for users,
>> > eg  IP address 10.2.3.4   -> hostname  fbloggs  (the user's login code) so
>> > usernames would show up in the client hostname field, but squid caches
>> > these I think.
>>
>> Yes. Don't do that with DNS.
>>
>> Amos
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
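
Added example, not part of the original thread and not the bundled ext_sql_session_acl code: a minimal external ACL helper showing the exchange the thread describes, where a request line carries a channel-ID followed by %SRC and the reply carries the username. It assumes the concurrent request format "<channel-ID> <ip>" and replies of "OK user=... tag=..." or "ERR"; the SQLite table, the second row, the enabled = 1 filter and the function names are constructed for illustration.

```python
import sqlite3
import sys


def open_db():
    """Constructed stand-in for the MySQL currentUsers table quoted in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE currentUsers (uid TEXT, ip TEXT PRIMARY KEY, enabled INTEGER)")
    db.executemany(
        "INSERT INTO currentUsers VALUES (?, ?, ?)",
        [("0003", "10.15.228.12", 1),   # row from the thread
         ("0007", "10.15.228.40", 0)],  # constructed: session that has been disabled
    )
    return db


def answer(db, line):
    """Return the reply for one request line, or None if the line is malformed."""
    parts = line.split()
    # Assumed request format with concurrency set: "<channel-ID> <%SRC>".
    if len(parts) != 2 or not parts[0].isdigit():
        return None
    channel, src = parts
    # Parameterised query: the client address is never spliced into the SQL text.
    row = db.execute(
        "SELECT uid FROM currentUsers WHERE ip = ? AND enabled = 1", (src,)
    ).fetchone()
    if row is None:
        return f"{channel} ERR"  # no active login for this address
    # user= is the name Squid logs; tag= mirrors --tagcol ip from the thread.
    return f"{channel} OK user={row[0]} tag={src}"


def main():
    db = open_db()
    for line in sys.stdin:
        reply = answer(db, line)
        if reply is None:
            # No channel-ID to echo back, so report the mismatch on stderr.
            print("malformed request: %r" % line, file=sys.stderr)
            continue
        print(reply, flush=True)  # Squid waits on each reply, so never buffer


if __name__ == "__main__":
    main()
```

With ttl=60 on the external_acl_type line, Squid may reuse a cached answer for up to 60 seconds, so requests from an address can still be logged against the previous user for that long after the table row changes.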