On 24/08/2016 3:55 a.m., Sergio Belkin wrote: > 2016-08-19 17:22 GMT-03:00 Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>: > >> On Friday 19 August 2016 at 20:41:11, Jok Thuau wrote: >> >>> On Fri, Aug 19, 2016 at 9:33 AM, Sergio Belkin <sebelk@xxxxxxxxx> wrote: >>>> /var/log/squid/access.log >>>> 192.168.50.41 - - [19/Aug/2016:12:19:45 -0300] "CONNECT >>>> beap-bc.yahoo.com:443 HTTP/1.1" 407 4634 "-" "Mozilla/5.0 (Windows NT >>>> 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" TCP_DENIED:HIER_NONE >>> >>> This is unauthenticated (notice the "- -" after the IP) >>> >>>> 192.168.50.41 - juan.perez [19/Aug/2016:12:19:45 -0300] "CONNECT >>>> beap-bc.yahoo.com:443 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT >> 6.1; >>>> WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" TAG_NONE:HIER_DIRECT >>> >>> This one is authenticated (juan.perez). The code 407 in the first request >>> means "proxy request authentication". So what happened here is that the >>> user browsed, was asked for credentials (and maybe those were provided >>> automatically), and then the request was resent with the creds included. >> >> Given the timestamps (both 12:19:45; no time for a human to enter >> credentials >> at a prompt) the browser did this automatically, and invisibly to the user. >> > > > Exactly it does so, but I wonder if TCP_DENIED is the proper message here. > > It's a case of "client must first authenticate itself with the proxy" ( > https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html), perhaps I'm > wrong, but would something such as TCP_UNAUTHORIZED be better? > 'Unauthorized' is what DENIED means. That is not related to the 407 (*Authenticate* required). The textual part is indicating what actions Squid has taken. DENIED means a denial/error page was generated. In this case referring to the payload it sent on the 407 response. The 407 means "Authentication Required". Repeating that in the textual tag would be redundant and also no cover the subtle event cases properly ... Specifically, in uncommon cases a 407 can also be logged with other tags like HIT (the response was stored in cache for some reason - not produced due to authenticator activity), and MISS (upstream proxy generated the 407), or even REFRESH etc. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users