On Tue, 2 Dec 2003, Jim Crippen wrote:

> I don't know if this has already been answered but I was unable to find
> anything about it. I've set up squid-2.5.STABLE4 with Samba 3.0.0 using
> winbind for authentication. Everything works fine, except, every page
> accessed first enters 2 TCP_DENIED entries in the access log.

This is due to how NTLM authentication works. On each new client connection there are first two denied requests while NTLM tries to negotiate the authentication. We could add filters to squid not logging these, but then we risk both logging interesting details in case of problems and to allow hackers to probe the proxy without getting noticed.

> I wanted to know if there is a way around this as when I add back in
> the following acl "acl test url_regex "/etc/blacklist" " and deny access
> to it, I can not get the username recorded in the access log.

You can if you blacklist after requiring authentication. The two questions are not related.

Regards
Henrik
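
The rule ordering described in the reply above, as an added squid.conf example that is not part of the original thread. The ACL name `authenticated` is hypothetical, and the fragment assumes the NTLM `auth_param` settings from the poster's working setup are already in place.

```squidconf
# Added example, not from the original thread.
# Assumes NTLM authentication (auth_param) is already configured and working.

# The blacklist ACL quoted in the question.
acl test url_regex "/etc/blacklist"

# Hypothetical ACL name: matches any request that carries valid proxy credentials.
acl authenticated proxy_auth REQUIRED

# Ordering that loses the username: the blacklisted URL is denied before
# any credentials are requested, so access.log has no user to record.
#   http_access deny test
#   http_access allow authenticated
#   http_access deny all

# Ordering that records the username: http_access rules are checked
# top-down and the first match wins, so require authentication first.

# Requests without valid credentials get the authentication challenge.
http_access deny !authenticated

# Blacklisted URLs are denied here, with the user already known.
http_access deny test

http_access allow authenticated
http_access deny all
```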
