[squid-users] Log 407-transactions when username is known
Amos Jeffries
squid3 at treenet.co.nz
Mon Feb 20 09:14:17 UTC 2023
On 20/02/2023 7:24 pm, Andrey K wrote:
> Hello Amos,
>
> Thank you for your recommendations.
> I modified negotiate_wrapper_auth to parse NTLM tokens and to set the
> user attribute in AV-pairs,
> so now I can configure the desired logging using acl note-type.
>
> But I also have BASIC authentication type users.
> Usernames of those users are known to the squid even if they type
> wrong passwords, but the user-attribute is not set in the note-list
> in such transactions.
> Should I write a new wrapper script for the BASIC-authentication to
> set the user-attribute, or I can check if the username is known
> without using wrapper?
>
The username of Basic auth should be known and available with %un or %ul
whenever the client provides one.
If not, then yes you will have to add a wrapper there too to send user=
on ERR responses.
HTH
Amos
More information about the squid-users
mailing list