
Re: [squid-users] Recording username for secure connection

Chris Robertson-2 wrote:
> 
> molybtek wrote:
>> We have squid running as an authenticating proxy using squid_ldap_auth.
>> In the access log, for normal connections, it records the username for
>> most log entries.
>> However, for secure connections, the username field is blank. Is there
>> any way to get Squid to record the username for those secure connections
>> as well?
>>   
> 
> If you require authentication for CONNECT requests, Squid will populate 
> the log with the credentials used.  Post your ACLs and http_access lines 
> and we can help figure out where the mistake lies...
> 
> Chris
> 
> 

The following are the acls and http_access lines in the squid.conf:

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnets src 172.23.0.0/16

# SNMP ACLs
acl snmppublic snmp_community squidcommunity
snmp_port 3401
snmp_access allow snmppublic all

# ACL for Microsoft product activation addresses
acl ms_activate dstdomain productactivation.one.microsoft.com
acl ms_activate dstdomain wustat.windows.com
acl ms_activate2 dstdomain .microsoft.com

# Microsoft Updates
acl ms_update dstdomain .windowsupdate.microsoft.com:443
acl ms_update dstdomain .windowsupdate.microsoft.com:80
acl ms_update dstdomain .update.microsoft.com:80
acl ms_update dstdomain .windowsupdate.com:80
acl ms_update dstdomain download.microsoft.com:80
acl ms_update dstdomain ntservicepack.microsoft.com:80
acl ms_update dstdomain wustat.windows.com:80
acl ms_update dstdomain .update.microsoft.com:443

# Skype
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+:443
acl Skype_UA browser ^skype^

acl SSL_ports port 441 442 443 563 10000
acl FTP_ports port 21 # FTP
acl Messengers port 5050 # Yahoo
acl Messengers port 5190 # AOL
acl Messengers port 1863 # MSN
acl Messengers port 5222 # Gtalk
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 441-443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 10000 # Webmin

acl CONNECT method CONNECT
acl require_auth proxy_auth REQUIRED
acl ms_activateVista dstdomain go.microsoft.com
acl ms_activateVista dstdomain sls.microsoft.com
acl ms_activateVista dstdomain sls.microsoft.com:443
acl ms_activateVista dstdomain crl.microsoft.com/pki/crl/products
acl educationsite_allow dstdomain ce6hosting.blackboard.com/webct
acl educationsite_allow dstdomain 2007.pglms.com
http_access allow ms_activate2
http_access allow ms_activate
http_access allow ms_activateVista
http_access allow ms_update
http_access allow educationsite_allow

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow CONNECT Messengers
http_access allow CONNECT Safe_ports

http_access deny CONNECT !SSL_ports
http_access allow require_auth
http_access deny all


For the log format, we are just using the standard squid format:
access_log /var/log/squid/access.log squid

-- 
View this message in context: http://www.nabble.com/Recording-username-for-secure-connection-tp23326582p23351859.html
Sent from the Squid - Users mailing list archive at Nabble.com.
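
The following is an added illustration, not part of the original message or of Squid itself: a simplified Python model of first-match http_access evaluation, run over the port, method and proxy_auth rules posted above, showing which rule decides a request and whether a username is ever learned. `WITH_AUTH` is a constructed variant (an assumption, one possible way to require authentication for CONNECT as the quoted reply describes); the dstdomain and manager rules are left out.

```python
# Added illustration: first-match evaluation of the posted http_access rules.
# Only port, method and proxy_auth ACL types are modelled; the sample requests
# are assumed not to match the dstdomain or manager rules, which are omitted.
def ports(*spec):
    """Expand port numbers and (lo, hi) ranges into a membership test."""
    ranges = [(p, p) if isinstance(p, int) else p for p in spec]
    return lambda req: any(lo <= req["port"] <= hi for lo, hi in ranges)

ACLS = {
    "SSL_ports": ports(441, 442, 443, 563, 10000),
    "Messengers": ports(5050, 5190, 1863, 5222),
    "Safe_ports": ports(80, 21, (441, 443), 70, 210, (1025, 65535),
                        280, 488, 591, 777, 10000),
    "CONNECT": lambda req: req["method"] == "CONNECT",
    "all": lambda req: True,
}

POSTED = """\
http_access deny !Safe_ports
http_access allow CONNECT Messengers
http_access allow CONNECT Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow require_auth
http_access deny all
"""
# Constructed variant (assumption): the CONNECT allow lines also test proxy_auth.
WITH_AUTH = POSTED.replace("Messengers", "Messengers require_auth").replace(
    "allow CONNECT Safe_ports", "allow CONNECT Safe_ports require_auth")

def evaluate(rules, req):
    """Return (action, deciding rule, user); user is set only if proxy_auth was tested."""
    user = None
    for line in rules.strip().splitlines():
        _, action, *acls = line.split()
        for name in acls:                  # ACLs on one line are ANDed, left to right
            negate, name = name.startswith("!"), name.lstrip("!")
            if name == "require_auth":
                if req.get("user") is None:
                    return ("challenge-407", line, None)
                user, hit = req["user"], True
            else:
                hit = ACLS[name](req)
            if hit == negate:              # this ACL failed, so the rule does not match
                break
        else:
            return (action, line, user)    # first fully matching rule decides
    return ("deny", None, user)            # not reached: both rule sets end in "deny all"
```
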