Re: [squid-users] auto blacklist users

From: ian j hart <ianjhart@dont-contact.us>
Date: Fri, 7 Dec 2007 19:25:02 +0000

On Friday 07 December 2007 00:58:31 Adrian Chadd wrote:
> So if I get this right, you'd like to log the acl list that passed or
> failed the user?
>
> Adrian

Near enough.

I want to log the aclname (or custom error page name) and the username. I'll
probably want the url in short order, followed by anything else that proves
useful.

I want to do this for users who are denied access.

[The more general solution you state above would probably be okay too. I might
need to add DENY/ACCEPT so I can include that in the regexp.]

<tangent>
Here's an example of how this might be generally useful. I have three different
proxy ACLs.

A url_regexp
A dstdomain list harvested from a popular list site
A "daily" list gleaned from yesterday's access summary

Which one matched? (This is where the url would be nice)

You can get this info by raising the log level, but not on one line, which
makes parsing evil. And each file is more verbose too.

[A "full monty" implementation would be a separate match.log file defaulting
to "none"]
</tangent>

Here's part of client_side.c

    if (answer == ACCESS_ALLOWED) {
...
    } else {
        int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ...
        debug(33, 5) ("Access Denied: %s\n", http->uri);
-> debug(33, 5) ("AclMatchedName = %s\n",
            AclMatchedName ? AclMatchedName : "<null>");

That's half what I need straight away!

The problem is that this is called more than once. e.g.

passwd
blockproxies
blockproxies

First one is the auth, second is the url match, and third is the error page (I
think).

I can easily _not match_ the passwd ACL, but if I'm counting 'strikes' it
would be cleaner if blockproxies were logged just the once.

And that's where I came in.

Is there a better place for this, what should be a one-liner? The error page
is only returned once, right? Which is why I thought somewhere near there
would be about right. Just need a clue from someone who sees the whole
picture.

If you read this far, well done :)

Thanks

-- 
ian j hart
Received on Fri Dec 07 2007 - 12:25:21 MST
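
An added example, not part of the original message and not Squid code: one way to post-process the two-line debug output quoted above into one record per denied request, skipping the passwd ACL and collapsing the repeated blockproxies lines. The sample log lines, the 2-second window and all function names are assumptions; the debug lines carry no username, so strikes are counted per (aclname, url).

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of cache.log output with section 33 at level 5 (not real data).
# Assumes the usual "YYYY/MM/DD HH:MM:SS| " cache.log prefix.
SAMPLE_LOG = """\
2007/12/07 19:20:01| Access Denied: http://proxy.example/browse
2007/12/07 19:20:01| AclMatchedName = passwd
2007/12/07 19:20:02| Access Denied: http://proxy.example/browse
2007/12/07 19:20:02| AclMatchedName = blockproxies
2007/12/07 19:20:02| Access Denied: http://proxy.example/browse
2007/12/07 19:20:02| AclMatchedName = blockproxies
2007/12/07 19:21:10| Access Denied: http://other.example/
2007/12/07 19:21:10| AclMatchedName = <null>
2007/12/07 19:22:30| Access Denied: http://proxy.example/browse
2007/12/07 19:22:30| AclMatchedName = blockproxies
"""

DENIED = re.compile(r"^(\S+ \S+)\| Access Denied: (\S+)$")
MATCHED = re.compile(r"^\S+ \S+\| AclMatchedName = (\S+)$")
IGNORED_ACLS = {"passwd", "<null>"}   # auth challenge / no named ACL: not a strike
WINDOW = timedelta(seconds=2)         # assumed gap between repeat calls for one request

def denials(lines):
    """Yield one (timestamp, url, aclname) per denied request."""
    pending = None     # (timestamp, url) from the preceding "Access Denied" line
    last_seen = {}     # (url, aclname) -> timestamp of the most recent match
    for line in lines:
        m = DENIED.match(line)
        if m:
            pending = (datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2))
            continue
        m = MATCHED.match(line)
        if not (m and pending):
            pending = None             # only pair lines that are directly adjacent
            continue
        (when, url), acl = pending, m.group(1)
        pending = None
        if acl in IGNORED_ACLS:
            continue
        prev = last_seen.get((url, acl))
        last_seen[(url, acl)] = when
        if prev is not None and when - prev <= WINDOW:
            continue                   # same request logged again (url match, error page)
        yield when, url, acl

def strikes(lines):
    # Count de-duplicated denials per (aclname, url).
    return Counter((acl, url) for _, url, acl in denials(lines))
```

Two genuinely separate requests for the same URL inside the window are also merged, which is the cost of de-duplicating after the fact rather than logging once at the source.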