[squid-users] Log 407-transactions when username is known

Andrey K ankor2023 at gmail.com
Mon Feb 20 10:07:17 UTC 2023


Thank you very much, Amos,

I have checked that both variables %un and %ul are set in squid during
failed BASIC-authentications.
But I do not know how to use them in ACL. I need an ACL that triggers if
%un is set (to log such transactions).




пн, 20 февр. 2023 г. в 12:14, Amos Jeffries <squid3 at treenet.co.nz>:

> On 20/02/2023 7:24 pm, Andrey K wrote:
> > Hello Amos,
> >
> > Thank you for your recommendations.
> > I modified negotiate_wrapper_auth to parse NTLM tokens and to set the
> > user attribute in AV-pairs,
> > so now I can configure the desired logging using acl note-type.
> >
> > But I also have BASIC authentication type users.
> > Usernames of those users are known to the squid even if they type
> > wrong passwords, but  the user-attribute is not set in the note-list
> > in such transactions.
> > Should I write a new wrapper script for the BASIC-authentication to
> > set the user-attribute, or I can check if the username is known
> > without using wrapper?
> >
>
> The username of Basic auth should be known and available with %un or %ul
> whenever the client provides one.
> If not, then yes you will have to add a wrapper there too to send user=
> on ERR responses.
>
> HTH
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230220/529d085f/attachment-0001.htm>


More information about the squid-users mailing list