Re: User-based report.

From: Jason Haar <Jason.Haar@dont-contact.us>
Date: Tue, 8 Feb 2000 09:04:16 +1300

On Mon, Feb 07, 2000 at 11:00:20AM +0000, Peter Polkinghorne wrote:
> requests. IIRC there may be a problem with the first request.

Absolutely - that's the way the browser finds out the proxy server requires
authentication. The first time a browser attempts to use the proxy server to
reach a URL that requires proxy server authentication, it doesn't know that
is required, so it sends a request with no auth information. Then the proxy
server responds with a "authentication required" error code, which causes
the browser to block and popup a window for the user to input their
usercode/password. At that stage the browser retries the last request - this
time with the auth info and away you go.

So what you could do is remove from your logs all "TCP_DENIED/407 " entries
that have no usercode present (i.e. "-"). The rest of the "TCP_DENIED/407 "
entries will be failed login attempts - which you should be taking notice
of...

-- 
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
               
Received on Mon Feb 07 2000 - 13:13:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:00 MST