Re: [squid-users] NTLM lose username

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 27 Aug 2002 10:10:23 +0200

On Tuesday 27 August 2002 09.54, Mrvka Andreas wrote:

> a new NTLM connection really opens first 2 denied responses,
> which are stored in the access.log????
> can i do some kind of prevent writing these 2 senseless entries?

Yes, by changing the code not to log these entries, but you then risk
this being abused by hackers etc to avoid logging when trying to
attack the proxy.

> in my opinion, the access.log is growing extremly big and i can't
> imagine that its usefull for log-examination when there is so much
> ... tcp/denied for anonymous user

Well.. access.log tries to reflect the traffic taking place. These
denied requests are part of the traffic.

If you do not want to include them in log processing then you can
relatively easily filter away TCP_DENIED/407 with no username by
using a small Perl or AWK script before the logs is sent to your log
processor.

Regards
Henrik
Received on Tue Aug 27 2002 - 02:13:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:50 MST