[squid-users] Logging failed authentication requests

From: Mellem, Dan <Dan.Mellem_at_pomona.k12.ca.us>
Date: Wed, 07 Apr 2010 19:12:53 -0700

Hi,

We're running Squid version 2.6. In our configuration, some URLs require
proxy authentication so we use the squid_ldap_auth helper with basic
auth. Everything works fine.

We would like to log any password failures, including the source IP
address, to track down password guessers. The failure could be logged to
access.log or to another log. Only successful requests are logged
currently. Is there any way to log authentication failures?

I've been digging through acl.c, authenticate.c, and client_side.c to
see if there's something in there, but I'm not familiar with the source.
I could log from the helper but only the username and password are
available to it.

Just in case any of this is helpful, here are a few lines from the
config:

emulate_httpd_log on
auth_param basic program /usr/local/squid/libexec/multi_auth
access_log /usr/local/squid/var/logs/access.log
acl authenticated proxy_auth REQUIRED
(other ACLs)
http_access allow no_auth
http_access allow no_auth_dst
http_access allow no_auth_regex
http_access deny wireless
http_access allow authenticated
http_access deny all

Thank you,
-Dan
Received on Thu Apr 08 2010 - 02:12:51 MDT
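
An added example, not part of the original message: a wrapper placed in front of a basic-auth helper so that every ERR verdict is written to a log. It shows the limitation described above, since the helper side can record a time and username but no source IP. The script name and log format are hypothetical, and it assumes the one-request, one-reply line protocol ("username password" in, OK or ERR out) with no concurrency channel IDs.

```python
#!/usr/bin/env python3
"""Hypothetical wrapper: log_failed_auth.py LOGFILE HELPER [ARGS...]"""
import subprocess
import sys
import time
from urllib.parse import unquote


def failure_record(request_line, reply, now=None):
    """Return a log line for a rejected lookup, or None if the helper said OK."""
    if not reply.startswith("ERR"):
        return None
    # Squid sends "username password", both URL-escaped. Only the username is
    # kept, so mistyped passwords never end up in the log file.
    fields = request_line.split(" ", 1)
    user = unquote(fields[0]) if fields[0] else "-"
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    # repr() escapes control characters, which blocks log-line injection.
    return f"{stamp} auth-failure user={user!r}"


def relay(helper_argv, requests, replies, log):
    """Pass each request to the real helper and copy its verdict back."""
    helper = subprocess.Popen(helper_argv, stdin=subprocess.PIPE,
                              stdout=subprocess.PIPE, text=True, bufsize=1)
    failures = 0
    for line in requests:
        helper.stdin.write(line)
        helper.stdin.flush()
        reply = helper.stdout.readline()
        if not reply:  # the real helper exited; stop relaying
            break
        record = failure_record(line.rstrip("\r\n"), reply)
        if record:
            failures += 1
            log.write(record + "\n")
            log.flush()
        replies.write(reply)
        replies.flush()
    helper.stdin.close()
    helper.stdout.close()
    helper.wait()
    return failures


if __name__ == "__main__":
    with open(sys.argv[1], "a") as log_file:
        relay(sys.argv[2:], sys.stdin, sys.stdout, log_file)
```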
