Chris Robertson-2 wrote:
>
> molybtek wrote:
>> We have squid running as an authenticating proxy using squid_ldap_auth.
>> In the access log, for normal connections, it records the username for
>> most
>> log entries.
>> However, for secure connections, the username field is blank. Are there
>> any
>> way to get Squid to record the username for those secure connections as
>> well?
>>
>
> If you require authentication for CONNECT requests, Squid will populate
> the log with the credentials used. Post your ACLs and http_access lines
> and we can help figure out where the mistake lies...
>
> Chris
>
>
The following are the acls and http_access lines in the squid.conf
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnets src 172.23.0.0/16
# SNMP ACLs
acl snmppublic snmp_community squidcommunity
snmp_port 3401
snmp_access allow snmppublic all
# ACL for Microsoft product activation addresses
acl ms_activate dstdomain productactivation.one.microsoft.com
acl ms_activate dstdomain wustat.windows.com
acl ms_activate2 dstdomain .microsoft.com
# Microsoft Updates
acl ms_update dstdomain .windowsupdate.microsoft.com:443
acl ms_update dstdomain .windowsupdate.microsoft.com:80
acl ms_update dstdomain .update.microsoft.com:80
acl ms_update dstdomain .windowsupdate.com:80
acl ms_update dstdomain download.microsoft.com:80
acl ms_update dstdomain ntservicepack.microsoft.com:80
acl ms_update dstdomain wustat.windows.com:80
acl ms_update dstdomain .update.microsoft.com:443
# Skype
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+:443
acl Skype_UA browser ^skype^
acl SSL_ports port 441 442 443 563 10000
acl FTP_ports port 21 # FTP
acl Messengers port 5050 # Yahoo
acl Messengers port 5190 # AOL
acl Messengers port 1863 # MSN
acl Messengers port 5222 # Gtalk
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 441-443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 10000 # Webmin
acl CONNECT method CONNECT
acl require_auth proxy_auth REQUIRED
acl ms_activateVista dstdomain go.microsoft.com
acl ms_activateVista dstdomain sls.microsoft.com
acl ms_activateVista dstdomain sls.microsoft.com:443
acl ms_activateVista dstdomain crl.microsoft.com/pki/crl/products
acl educationsite_allow dstdomain ce6hosting.blackboard.com/webct
acl educationsite_allow dstdomain 2007.pglms.com
http_access allow ms_activate2
http_access allow ms_activate
http_access allow ms_activateVista
http_access allow ms_update
http_access allow educationsite_allow
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow CONNECT Messengers
http_access allow CONNECT Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow require_auth
http_access deny all
For the log format, we are just using the standard squid format
access_log /var/log/squid/access.log squid
-- View this message in context: http://www.nabble.com/Recording-username-for-secure-connection-tp23326582p23351859.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Sun May 03 2009 - 01:41:43 MDT
This archive was generated by hypermail 2.2.0 : Sun May 03 2009 - 12:00:01 MDT