November 22, 2024, 08:09:50 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: SARG : Confused log report : How can denied users have downloads  (Read 6559 times)

Offline tidalbobo

  • New Member
  • Posts: 2
Pls see the image from my SQID sarg log.

pls see
http://picasaweb.google.com/lh/photo/FbcYU12hAjjBsyFzNCB7rA?authkey=Gv1sRgCL3LrI7ai4OgDA&feat=directlink

The each attempt has DENIED   status, but in each case there is a download. Total DENIED downloads amount to 6.61 MB.
Can this be possible?

I am using LDAP auth. So ideally instead of   "User: 172.16.64.64"  ( the IP), i should get "User: ABC".  I get this ip-resolved user names for other users. But this guy is weird. Got me worried.  Any clue to whats going on?

Thanks in advance.

Offline thebrighter

  • New Member
  • Posts: 1
Re: SARG : Confused log report : How can denied users have downloads
« Reply #1 on: May 14, 2009, 04:45:35 AM »
Use acl to block him and see his activity through tail -f <access.log file>. If he still downloading he must have another hole in squid.conf file.
Implement one by one and try to find out exact matter.

Offline tidalbobo

  • New Member
  • Posts: 2
Re: SARG : Confused log report : How can denied users have downloads
« Reply #2 on: May 14, 2009, 05:19:45 AM »
Im not too sure about having a HOLE some place.
The rule is pretty basic.

It defines my_networks
The allow is based on (my_nwteorks AND LDAP password)
thts all.

If password is incorrect users are not allowed access. That part works fine.