Thank you very much, Amos,
I have checked that both variables %un and %ul are set in squid during failed BASIC-authentications.
But I do not know how to use them in ACL. I need an ACL that triggers if %un is set (to log such transactions).
пн, 20 февр. 2023 г. в 12:14, Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 20/02/2023 7:24 pm, Andrey K wrote:
> Hello Amos,
>
> Thank you for your recommendations.
> I modified negotiate_wrapper_auth to parse NTLM tokens and to set the
> user attribute in AV-pairs,
> so now I can configure the desired logging using acl note-type.
>
> But I also have BASIC authentication type users.
> Usernames of those users are known to the squid even if they type
> wrong passwords, but the user-attribute is not set in the note-list
> in such transactions.
> Should I write a new wrapper script for the BASIC-authentication to
> set the user-attribute, or I can check if the username is known
> without using wrapper?
>
The username of Basic auth should be known and available with %un or %ul
whenever the client provides one.
If not, then yes you will have to add a wrapper there too to send user=
on ERR responses.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
