[squid-users] Log 407-transactions when username is known
Amos Jeffries
squid3 at treenet.co.nz
Fri Feb 17 20:20:45 UTC 2023
On 18/02/2023 7:29 am, Amos Jeffries wrote:
> On 17/02/2023 7:29 pm, Andrey K wrote:
>> Hello,
>>
>> I would like to disable logging of 407-errors, except when the
>> username is known.
>> Is it possible to configure?
>
> Assuming that you have the wrapper script from your previous request
> about always logging usernames you should be able to use a note type
> ACL like so:
>
> acl knownUser note user
> access_log ... on-error=drop http-407 !knownUser
>
>
>>
>> I have now the log configured:
>> acl http-407 http_status 407
>> access_log daemon:/var/log/squid/access.log logformat=extended-squid
>> on-error=drop !http-407
>>
>> But I would also like to see authentication errors when a user types
>> the wrong password (the username is known in these cases).
>>
>
> With most HTTP authentication you could rely on all 407 meaning bad or
> unknown credentials. But NTLM (ab)uses that code for its handshake
> type-2 response, so you one distinguish a failed from an incomplete
> authentication.
That was meant to say "so one cannot distinguish a failed from an
incomplete authentication."
>
> At this point you are already wrapping and re-writing most of the
> NTLM->Squid helper traffic. You could adjust the challenge to also use
> the current helper syntax with a custom note to log. But I recommend
> just upgrading your systems to Kerberos which will avoid a lot of
> these complications entirely.
>
> Cheers
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list