Re: [squid-users] Logging failed authentication requests

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 08 Apr 2010 02:32:30 +0000

On Wed, 07 Apr 2010 19:12:53 -0700, "Mellem, Dan"
<Dan.Mellem_at_pomona.k12.ca.us> wrote:
> Hi,
>
> We're running Squid version 2.6. In our configuration, some URLs require
> proxy authentication so we use the squid_ldap_auth helper with basic
> auth. Everything works fine.
>
> We would like to log any password failures, including the source IP
> address, to track down password guessers. The failure could be logged to
> access.log or to another log. Only successful requests are logged
> currently. Is there any way to log authentication failures?

They _are_ logged by default.
Reply status codes 401 and 407 in access.log are failed www-server and
proxy authentication attempts respectively which were re-challenged. Other
denials will be logged with other 4xx codes.

>
> I've been digging through acl.c, authenticate.c, and client_side.c to
> see if there's something in there, but I'm not familiar with the source.
> I could log from the helper but only the username and password are
> available to it.
>
> Just in case any of this is helpful, here are a few lines from the
> config:
>
> emulate_httpd_log on
> auth_param basic program /usr/local/squid/libexec/multi_auth
> access_log /usr/local/squid/var/logs/access.log
> acl authenticated proxy_auth REQUIRED
> (other ACLs)
> http_access allow no_auth
> http_access allow no_auth_dst
> http_access allow no_auth_regex
> http_access deny wireless
> http_access allow authenticated
> http_access deny all
>

Problem: None of your ACLs involve denial based on auth credentials.
Therefore bad auth credentials will never be challenged, only the general
access denied will ever happen.
So ... non-working credentials may show up in the access.log as a 404/403
status with NONE/- for the source information.

Amos
Received on Thu Apr 08 2010 - 02:32:36 MDT
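
One way to tally the 401/407 entries described in the reply per source address, as an added example that is not part of the original thread or of Squid. The log lines are constructed, the threshold of 3 is an assumed value, and the regexes assume Squid's httpd-emulation ("common") layout used with `emulate_httpd_log on`; the native access.log layout is handled as well, which goes beyond the poster's configuration.

```python
import re
from collections import Counter

# Layout written with emulate_httpd_log on (Squid "common" format):
#   client ident user [time] "METHOD url HTTP/x.y" status bytes result:hierarchy
HTTPD_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')
# Native Squid layout:
#   epoch elapsed client result/status bytes method url user hierarchy/peer type
NATIVE_RE = re.compile(r'^\d+\.\d+\s+\d+\s+(?P<ip>\S+)\s+\S+/(?P<status>\d{3})\s')

# 401 = origin-server auth challenge, 407 = proxy auth challenge
AUTH_FAIL = {"401", "407"}

def auth_failures(lines):
    """Count 401/407 replies per client address; unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = HTTPD_RE.match(line) or NATIVE_RE.match(line)
        if m and m.group("status") in AUTH_FAIL:
            counts[m.group("ip")] += 1
    return counts

def suspects(lines, threshold=3):
    """Clients with at least `threshold` challenges, busiest first.

    A client that has not yet sent credentials also receives one 407,
    so a threshold (assumed value) separates that from repeated failures.
    """
    return [(ip, n) for ip, n in auth_failures(lines).most_common() if n >= threshold]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [08/Apr/2010:02:30:01 +0000] "GET http://example.com/ HTTP/1.1" 407 1793 TCP_DENIED:NONE',
    '192.0.2.10 - alice [08/Apr/2010:02:30:02 +0000] "GET http://example.com/ HTTP/1.1" 200 5120 TCP_MISS:DIRECT',
    '198.51.100.7 - - [08/Apr/2010:02:31:10 +0000] "GET http://example.com/ HTTP/1.1" 407 1793 TCP_DENIED:NONE',
    '198.51.100.7 - - [08/Apr/2010:02:31:11 +0000] "GET http://example.com/ HTTP/1.1" 407 1793 TCP_DENIED:NONE',
    '198.51.100.7 - - [08/Apr/2010:02:31:12 +0000] "GET http://example.com/ HTTP/1.1" 407 1793 TCP_DENIED:NONE',
    '1270693873.123     12 198.51.100.7 TCP_DENIED/407 1793 GET http://example.com/ - NONE/- text/html',
    '203.0.113.5 - - [08/Apr/2010:02:32:00 +0000] "GET http://example.com/ HTTP/1.1" 403 1500 TCP_DENIED:NONE',
]

if __name__ == "__main__":
    for ip, n in suspects(SAMPLE):
        print(f"{ip}\t{n} auth challenges")
```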
