[squid-users] Unable to get username in logs for access denied(HTTP 407)

santosh santosh.pai at vigyanlabs.com
Wed Nov 19 09:36:49 UTC 2014


Hello Team,

We have setup squid proxy server and the backend authentication is through
Open LDAP . each user is given with an unique id and password . We have been
tracking the logs for accessdenied results , it has been found that squid
hasn't been logging the username ,in the place there is  - HIER_NONE/- ,
below are sample log .What could be the reason ?

1414651057.911      0 192.168.4.101 TCP_DENIED/407 3787 CONNECT
ie.search.yahoo.com:443 - HIER_NONE/- text/html
1414651057.913      0 192.168.4.101 TCP_DENIED/407 3787 CONNECT
ie.search.yahoo.com:443 - HIER_NONE/- text/html
1414651057.922      0 192.168.4.101 TCP_DENIED/407 3787 CONNECT
ie.search.yahoo.com:443 - HIER_NONE/- text/html
1414651074.126      1 192.168.4.101 TCP_DENIED/407 4394 GET
http://www.search.ask.com/? - HIER_NONE/- text/html
1414651082.981      0 192.168.4.101 TCP_DENIED/407 4572 GET
http://www.search.ask.com/? irfan HIER_NONE/- text/html
1414651087.111      0 192.168.4.101 TCP_DENIED/407 4572 GET
http://www.search.ask.com/? irfan HIER_NONE/- text/html
1414651093.587    987 192.168.4.101 TCP_MISS/200 8357 GET
http://www.search.ask.com/? irfan HIER_DIRECT/184.30.62.3 text/html
1414651094.041     10 192.168.4.101 TCP_MISS/204 360 GET
http://b.scorecardresearch.com/b? irfan HIER_DIRECT/122.178.225.18 -
1414651101.412      1 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.83:443 - HIER_NONE/- text/html
1414651101.412      1 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.83:443 - HIER_NONE/- text/html
1414651103.077      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.83:443 - HIER_NONE/- text/html
1414651108.953      0 192.168.4.101 TCP_DENIED/407 4165 GET
http://www.google.co.in/ - HIER_NONE/- text/html
1414651116.389    116 192.168.4.101 TCP_MISS/302 684 GET
http://www.google.co.in/ irfan HIER_DIRECT/74.125.236.88 text/html
1414651117.243      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.77:443 - HIER_NONE/- text/html
1414651117.291      1 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.77:443 - HIER_NONE/- text/html
1414651117.291      1 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.77:443 - HIER_NONE/- text/html
1414651120.944      1 192.168.4.101 TCP_DENIED/407 3519 CONNECT
62.128.100.131:443 - HIER_NONE/- text/html
1414651120.944      1 192.168.4.101 TCP_DENIED/407 3519 CONNECT
62.128.100.131:443 - HIER_NONE/- text/html
1414651123.223      0 192.168.4.101 TCP_DENIED/407 3519 CONNECT
62.128.100.109:443 - HIER_NONE/- text/html
1414651127.362      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
38.113.165.86:443 - HIER_NONE/- text/html
1414651128.701  12257 192.168.4.101 TCP_MISS/200 38964 CONNECT
www.google.co.in:443 irfan HIER_DIRECT/74.125.236.88 -
1414651129.651      0 192.168.4.101 TCP_DENIED/407 3522 CONNECT
202.177.216.227:443 - HIER_NONE/- text/html
1414651131.947      0 192.168.4.101 TCP_DENIED/407 3522 CONNECT
202.177.216.236:443 - HIER_NONE/- text/html
1414651132.294      0 192.168.4.101 TCP_DENIED/407 4165 GET
http://www.google.co.in/ - HIER_NONE/- text/html
1414651132.452    104 192.168.4.101 TCP_MISS/302 684 GET
http://www.google.co.in/ irfan HIER_DIRECT/74.125.236.88 text/html
1414651134.307      0 192.168.4.101 TCP_DENIED/407 3522 CONNECT
202.177.216.230:443 - HIER_NONE/- text/html
1414651162.016      0 192.168.4.101 TCP_DENIED/407 3719 CONNECT
iecvlist.microsoft.com:443 - HIER_NONE/- text/html
1414651221.771      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
62.128.100.37:443 - HIER_NONE/- text/html
1414651224.051      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
62.128.100.45:443 - HIER_NONE/- text/html
1414651231.091      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
62.128.100.45:443 - HIER_NONE/- text/html
1414651247.463      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
62.128.100.35:443 - HIER_NONE/- text/html
1414651247.474      0 192.168.4.101 TCP_DENIED/407 3516 CONNECT
62.128.100.45:443 - HIER_NONE/- text/html




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Unable-to-get-username-in-logs-for-access-denied-HTTP-407-tp4668460.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list