Re: SQUID 2.2-STABLE3 access.log Question

From: Henrik Nordstrom <>
Date: Sat, 02 Oct 1999 14:20:07 +0200

James Porter wrote:

> authorized user data fits in the SQUID log with no success. Is the SQUID
> standard access.log file omitting this data? The ITEM 1 line is from a
> .HTACCESS protected directory and yet I cannot find a user field.

Squid logs user names if the user is authenticated by Squid. It won't
show user names authenticated by origin server(s).

If you use log_mime_hdr (as you did) then every tiny detail of the
request and reply is logged, and you can extract anything from it that
is available in HTTP:
 * User names + passwords to HTTP servers where Basic authentication is
 * User names + passwords used to authorize use of the proxy
 * Cookies
 * Browser model
 * Language settings
 * What type of objects they got
 * When those objects was last modified
 * Type of web server used to host the object
 * The time on the origin server
 and a lot more.

The following perl fragment can be used to convert Basic HTTP
authorization information to plain text:

$encoded = $ARGV[0];
$encoded =~ tr#A-Za-z0-9\`/# -_=#; # convert to uuencoded
$len = pack("c", 32 + 0.75*length($encoded)); # compute length byte
print unpack("u", $len . $encoded); # uudecode and print

You may want to change the password for
which was encoded in your previous post, and therefore publically
published on the Internet.

Henrik Nordstrom
Received on Sat Oct 02 1999 - 06:44:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:41 MST