[squid-users] DENIED and ALLOWED at once?
Amos Jeffries
squid3 at treenet.co.nz
Wed Aug 24 13:23:07 UTC 2016
On 24/08/2016 3:55 a.m., Sergio Belkin wrote:
> 2016-08-19 17:22 GMT-03:00 Antony Stone <Antony.Stone at squid.open.source.it>:
>
>> On Friday 19 August 2016 at 20:41:11, Jok Thuau wrote:
>>
>>> On Fri, Aug 19, 2016 at 9:33 AM, Sergio Belkin <sebelk at gmail.com> wrote:
>>>> /var/log/squid/access.log
>>>> 192.168.50.41 - - [19/Aug/2016:12:19:45 -0300] "CONNECT
>>>> beap-bc.yahoo.com:443 HTTP/1.1" 407 4634 "-" "Mozilla/5.0 (Windows NT
>>>> 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" TCP_DENIED:HIER_NONE
>>>
>>> This is unauthenticated (notice the "- -" after the IP)
>>>
>>>> 192.168.50.41 - juan.perez [19/Aug/2016:12:19:45 -0300] "CONNECT
>>>> beap-bc.yahoo.com:443 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT
>> 6.1;
>>>> WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" TAG_NONE:HIER_DIRECT
>>>
>>> This one is authenticated (juan.perez). The code 407 in the first request
>>> means "proxy request authentication". So what happened here is that the
>>> user browsed, was asked for credentials (and maybe those were provided
>>> automatically), and then the request was resent with the creds included.
>>
>> Given the timestamps (both 12:19:45; no time for a human to enter
>> credentials
>> at a prompt) the browser did this automatically, and invisibly to the user.
>>
>
>
> Exactly it does so, but I wonder if TCP_DENIED is the proper message here.
>
> It's a case of "client must first authenticate itself with the proxy" (
> https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html), perhaps I'm
> wrong, but would something such as TCP_UNAUTHORIZED be better?
>
'Unauthorized' is what DENIED means. That is not related to the 407
(*Authenticate* required).
The textual part is indicating what actions Squid has taken. DENIED
means a denial/error page was generated. In this case referring to the
payload it sent on the 407 response.
The 407 means "Authentication Required". Repeating that in the textual
tag would be redundant and also no cover the subtle event cases properly ...
Specifically, in uncommon cases a 407 can also be logged with other tags
like HIT (the response was stored in cache for some reason - not
produced due to authenticator activity), and MISS (upstream proxy
generated the 407), or even REFRESH etc.
Amos
More information about the squid-users
mailing list