[squid-users] Log 407-transactions when username is known

Amos Jeffries squid3 at treenet.co.nz
Fri Feb 17 18:29:37 UTC 2023


On 17/02/2023 7:29 pm, Andrey K wrote:
> Hello,
>
> I would like to disable logging of 407-errors, except when the 
> username is known.
> Is it possible to configure?

Assuming that you have the wrapper script from your previous request 
about always logging usernames you should be able to use a note type ACL 
like so:

  acl knownUser note user
  access_log ... on-error=drop http-407 !knownUser


>
> I have now the log configured:
> acl http-407 http_status 407
> access_log daemon:/var/log/squid/access.log logformat=extended-squid 
> on-error=drop !http-407
>
> But I would also like to see authentication errors when a user types 
> the wrong password (the username is known in these cases).
>

With most HTTP authentication you could rely on all 407 meaning bad or 
unknown credentials. But NTLM (ab)uses that code for its handshake 
type-2 response, so you one distinguish a failed from an incomplete 
authentication.

At this point you are already wrapping and re-writing most of the 
NTLM->Squid helper traffic. You could adjust the challenge to also use 
the current helper syntax with a custom note to log. But I recommend 
just upgrading your systems to Kerberos which will avoid a lot of these 
complications entirely.

Cheers
Amos


