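Squid only logging NTLM usernames for certain requests

I currently have Squid 3.2 installed with NTLM authentication and LDAP group pulling. I also have MySar running to pull reports.

It appears that logging works in two passes, once for authentication and once for acceptance. However, things that are denied are not logged with a username, which makes it hard to troubleshoot certain Squid issues in the office, considering we have terminal servers with multiple users on one IP address.

So I guess my question is, is there any workaround for this? Is there any way to change how it logs, so that we know which user something was denied for?

My squid.conf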

    #=======================
    # NTLM AUTHENTICATION >
    #=======================
    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 10
    auth_param ntlm keep_alive on
    #auth_param ntlm max_challenge_lifetime_reuses 5

    #===============================
    # EXTERNAL ACL TO PULL GROUPS >
    #===============================
    external_acl_type nt_group %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl

    #=======================
    # ACL >
    #=======================
    #ACL for Groups
    acl CustomerServiceGroup external nt_group CustomerService
    acl InternetToolsGroup external nt_group InternetTools
    acl AllCustomerInternetSitesGroup external nt_group AllCustomerInternetSites
    acl UnrestrictedGroup external nt_group UnrestrictedInternet
    acl WarehouseGroup external nt_group Warehouse

    # Security Provisions
    #acl manager proto cache_object
    #acl localhost src 127.0.0.1/32 ::1
    #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    #The Network
    acl Thenetwork src 10.10.0.0/16
    acl ntlm proxy_auth REQUIRED

    # ANTI-PROXY GROUP
    acl ProxyBL dstdomain "/etc/squid/global/BL-proxy.txt"

    # WHITELIST GROUPS
    acl CallCenterWL dstdomain "/etc/squid/callcenter/WL-callcenter.txt"
    #acl WarehouseWL dstdomain "/etc/squid/warehouse/WL-warehouse.txt"

    # BLACKLIST GROUPS
    #acl CallCenterBL dstdomain "/etc/squid/callcenter/BL-callcenter.txt"

    # Keywords Whitelist
    #acl CallCenterKW url_regex -i "/etc/squid/callcenter/KW-callcenter.txt"

    # Keywords Blacklist
    acl GlobalKW url_regex -i "/etc/squid/global/KW-global.txt"

    # Ports
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    #===================
    # ACL RULES >
    #===================
    # Global Blacklist
    #http_access deny Blacklist all

    # Global Deny Blacklist and Keyword filters
    http_access deny GlobalKW all
    http_access deny ProxyBL all

    # Unrestricted Group allow all
    http_access allow all UnrestrictedGroup ntlm

    # Enabled Whitelist & Keywords
    #http_access allow CallCenterKW InternetToolsGroup ntlm

    # Activates Whitelist
    http_access allow CallCenterWL CustomerServiceGroup ntlm
    http_access allow CallCenterWL InternetToolsGroup ntlm
    http_access allow CallCenterWL AllCustomerInternetSitesGroup ntlm

    # WarehouseGroup Restriction
    http_access deny all WarehouseGroup

    # Only allow cachemgr access from localhost
    #http_access allow manager localhost
    #http_access deny manager

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # TheNetwork allow with auth * Allows everything, only enable when needed *
    #http_access allow Thenetwork ntlm

    # Deny CONNECT to other than secure SSL ports
    #http_access deny CONNECT !SSL_ports

    #=====================
    # ACL ACCESS RULES >
    #=====================
    # Allow any keywords
    #http_access allow CallCenterKW ntlm
    # Allow only the whitelist
    #http_access allow CallCenterWL ntlm
    # Deny anything not on the whitelist
    #http_access deny !CallCenterWL
    # Deny everything else
    http_access deny all

    #================
    # CONFIG MISC >
    #================
    #Cache administrator Email
    cache_mgr [email protected]

    # Squid normally listens to port 3128
    http_port 8080

    # We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256
    #useragent_log /var/log/squid/user.log
    #access_log /var/log/squid/naccess.log squid

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    #debug_options ALL,9

My access.log

    1362426657.752 0 10.10.7.71 TCP_DENIED/403 3956 GET http://www.porn.com/ - HIER_NONE/- text/html
    1362426722.483 154 10.10.7.71 TCP_MISS/200 1841 GET http://media.washingtonpost.com/wp-srv/css/global.css alucas HIER_DIRECT/24.143.206.89 text/css

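Notice how the denied site comes back with no user, while the accepted site has a username logged.

I'm sure this is just something I'm missing or doing wrong. Any help would be greatly appreciated.

Thanks, Aaron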
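An added example, not part of the original post: a Python script that parses Squid's native access.log format and, for each `TCP_DENIED/403` line logged without a user, lists the users seen from the same client IP within a time window. The log lines, the user `bsmith`, the `.example` hosts and the 300-second window are constructed for illustration; `TCP_DENIED/407` lines are skipped because they are the authentication challenge, not a policy denial.

```python
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "ts ip status url user")

# Constructed sample, modelled on the native log format shown in the post.
SAMPLE_LOG = """\
1362426650.100 90 10.10.7.71 TCP_MISS/200 512 GET http://intranet.example/a bsmith HIER_DIRECT/192.0.2.10 text/html
1362426655.000 0 10.10.7.71 TCP_DENIED/407 4100 GET http://news.example/ - HIER_NONE/- text/html
1362426657.752 0 10.10.7.71 TCP_DENIED/403 3956 GET http://blocked.example/ - HIER_NONE/- text/html
1362426722.483 154 10.10.7.71 TCP_MISS/200 1841 GET http://news.example/global.css alucas HIER_DIRECT/192.0.2.20 text/css
1362426800.000 0 10.10.9.5 TCP_DENIED/403 3956 GET http://blocked.example/ - HIER_NONE/- text/html
"""


def parse(line):
    """Split one native-format line; field 7 is the user ('-' if none)."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    return Entry(float(f[0]), f[2], f[3], f[6], f[7])


def candidates_for_denials(log_text, window=300.0):
    """Return (ip, url, [candidate users]) for each anonymous 403 denial."""
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    seen = defaultdict(list)  # ip -> [(timestamp, user)] for authenticated hits
    for e in entries:
        if e.user != "-":
            seen[e.ip].append((e.ts, e.user))
    report = []
    for e in entries:
        if e.status == "TCP_DENIED/403" and e.user == "-":
            users = sorted({u for ts, u in seen[e.ip]
                            if abs(ts - e.ts) <= window})
            report.append((e.ip, e.url, users))
    return report


if __name__ == "__main__":
    for ip, url, users in candidates_for_denials(SAMPLE_LOG):
        print(ip, url, users or "no authenticated traffic in window")
```

On a shared terminal-server IP the candidate list typically holds several names, so this narrows a denial down but cannot attribute it to one user.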