目前,我已安装 squid 3.2,并启用了 NTLM 身份验证和 LDAP 组提取功能。我还运行了 MySar 来提取报告。
从日志来看,每个请求似乎会经过两次:一次用于身份验证,一次被接受。但是,对于被拒绝的请求,日志里不会记录任何用户名,这使得我们很难在办公室里借助 Squid 日志排查某些问题,因为我们的终端服务器上有多个用户共用 1 个 IP 地址。
所以我想我的问题是,有没有什么解决方法?有没有办法改变它的记录方式,以便我们知道如果某事被拒绝了,是哪个用户?
我的 squid.conf
# Squid 3.2 proxy policy: NTLM authentication through Samba's ntlm_auth helper,
# Windows group lookup through an external ACL, then an ordered http_access list.
# http_access lines are evaluated top to bottom and the first matching line
# decides the request, so the order of the rules below is part of the policy.
#=======================
# NTLM AUTHENTICATION >
#=======================
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on
#auth_param ntlm max_challenge_lifetime_reuses 5
#===============================
# EXTERNAL ACL TO PULL GROUPS >
#===============================
# %LOGIN passes the authenticated username to the helper, so every ACL of type
# nt_group needs the client to have authenticated before it can be evaluated.
external_acl_type nt_group %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl
#=======================
# ACL >
#=======================
#ACL for Groups
acl CustomerServiceGroup external nt_group CustomerService
acl InternetToolsGroup external nt_group InternetTools
acl AllCustomerInternetSitesGroup external nt_group AllCustomerInternetSites
acl UnrestrictedGroup external nt_group UnrestrictedInternet
acl WarehouseGroup external nt_group Warehouse
# Security Provisions
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#The Network
acl Thenetwork src 10.10.0.0/16
# Matches only requests that carry valid proxy credentials. Evaluating this ACL
# (or an nt_group ACL) is the point at which a request gets a username.
acl ntlm proxy_auth REQUIRED
# ANTI-PROXY GROUP
acl ProxyBL dstdomain "/etc/squid/global/BL-proxy.txt"
# WHITELIST GROUPS
acl CallCenterWL dstdomain "/etc/squid/callcenter/WL-callcenter.txt"
#acl WarehouseWL dstdomain "/etc/squid/warehouse/WL-warehouse.txt"
# BLACKLIST GROUPS
#acl CallCenterBL dstdomain "/etc/squid/callcenter/BL-callcenter.txt"
# Keywords Whitelist
#acl CallCenterKW url_regex -i "/etc/squid/callcenter/KW-callcenter.txt"
# Keywords Blacklist
acl GlobalKW url_regex -i "/etc/squid/global/KW-global.txt"
# Ports
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#===================
# ACL RULES >
#===================
# Global Blacklist
#http_access deny Blacklist all
# Global Deny Blacklist and Keyword filters
# NOTE(review): neither ACL on these two lines needs credentials, and they run
# before any line that references ntlm or an nt_group ACL. A request matching
# here is refused before the user has been identified, which is the likely
# reason TCP_DENIED/403 entries in access.log show "-" in the username field.
# If denials must be attributable to a user (several users share one
# terminal-server IP), authenticate first, e.g. put "http_access deny !ntlm"
# ahead of these lines; unauthenticated clients then get a 407 challenge before
# the keyword/blacklist checks run.
http_access deny GlobalKW all
http_access deny ProxyBL all
# Unrestricted Group allow all
# NOTE(review): this allow line and the whitelist allows below come before
# "http_access deny !Safe_ports", and "deny CONNECT !SSL_ports" is commented
# out. Because the first match wins, requests allowed here are never checked
# against the port ACLs. The stock squid.conf places both port denies ahead of
# every allow rule; confirm the current order is intended.
http_access allow all UnrestrictedGroup ntlm
# Enabled Whitelist & Keywords
#http_access allow CallCenterKW InternetToolsGroup ntlm
# Activates Whitelist
http_access allow CallCenterWL CustomerServiceGroup ntlm
http_access allow CallCenterWL InternetToolsGroup ntlm
http_access allow CallCenterWL AllCustomerInternetSitesGroup ntlm
# WarehouseGroup Restriction
http_access deny all WarehouseGroup
# Only allow cachemgr access from localhost
# NOTE(review): with both lines below disabled, cache manager requests are
# handled by the generic rules in this file rather than being limited to
# localhost - confirm that is intended.
#http_access allow manager localhost
#http_access deny manager
# Deny requests to certain unsafe ports
# Only reached by requests that no earlier http_access line matched.
http_access deny !Safe_ports
# TheNetwork allow with auth * Allows everything, only enable when needed *
#http_access allow Thenetwork ntlm
# Deny CONNECT to other than secure SSL ports
# NOTE(review): disabled, so CONNECT is not limited to port 443 by any rule here.
#http_access deny CONNECT !SSL_ports
#=====================
# ACL ACCESS RULES >
#=====================
# Allow any keywords
#http_access allow CallCenterKW ntlm
# Allow only the whitelist
#http_access allow CallCenterWL ntlm
# Deny anything not on the whitelist
#http_access deny !CallCenterWL
# Deny everything else
http_access deny all
#================
# CONFIG MISC >
#================
#Cache administrator Email
# (the address below appears as redacted by the hosting site)
cache_mgr [email protected]
# Squid normally listens to port 3128
http_port 8080
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
#useragent_log /var/log/squid/user.log
# NOTE(review): no access_log line is active, so logging presumably uses the
# built-in default location and format. The username column can only be filled
# for requests on which an authentication ACL was actually evaluated.
#access_log /var/log/squid/naccess.log squid
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#debug_options ALL,9
我的access.log
1362426657.752 0 10.10.7.71 TCP_DENIED/403 3956 GET http://www.porn.com/ - HIER_NONE/- text/html
1362426722.483 154 10.10.7.71 TCP_MISS/200 1841 GET http://media.washingtonpost.com/wp-srv/css/global.css alucas HIER_DIRECT/24.143.206.89 text/css
请注意,被拒绝的请求在用户名字段中只有“-”,没有记录任何用户,而被接受的请求却记录了用户名(alucas)。
我确信这只是我遗漏了什么,或者做错了什么。任何帮助都将不胜感激。
谢谢,Aaron