[squid-users] [Squid 4.x]: Truncated accounts when there is spaces in usernames

Amos Jeffries squid3 at treenet.co.nz
Sat Oct 24 03:44:40 UTC 2015


On 24/10/2015 1:29 p.m., David Touzeau wrote:
> 
> Hi all.
> 
> I'm testing squid 4.x with Active Directory connection.
> 
> When there are spaces in logged accounts eg : "Jhon Rambo" squid use
> only the last string in logon user "Rambo".
> 
> This corrupted account is used in all ACLS and events too and all acls
> matches Rambo and not "Jhon Rambo"
> 
> This behavior can be replicated in Squid 3.5x branchs too and be
> replicated in both LDAP/NTLM methods.
> 
> * * It should be a security issue and an issue according governments
> laws * *
> 
> 1) If we create acls for the account "Rambo" that is - an another person
> - of "Jhon Rambo" , Jhon Rambo aka "Rambo" for squid use the same ACLs
> as "Rambo" account.
> 2) In Europe we must keep Squid logs for the police during 1 year
> according Justice needs. This corruption break logs validity according
> Squid did not reflect the real connected username.
> 
> How to fix it ?

Start with whats in your squid.con settings. proxy_auth values, helper
settings.

Then go on to what the helper protocol is transmitting. both request and
reply lines from the auth and external ACL helpers.

Whitespace in user labels is not always dealt with nicely.

Amos


More information about the squid-users mailing list