

Topic: SARG : Confused log report : How can denied users have downloads

Offline tidalbobo

  • New Member
  • Posts: 2
Please see the image from my Squid SARG log:
http://picasaweb.google.com/lh/photo/FbcYU12hAjjBsyFzNCB7rA?authkey=Gv1sRgCL3LrI7ai4OgDA&feat=directlink

Each attempt has DENIED status, but in each case there is a download. The total DENIED downloads amount to 6.61 MB.
Can this be possible?

I am using LDAP auth. So ideally, instead of "User: 172.16.64.64" (the IP), I should get "User: ABC". I get these IP-resolved user names for other users. But this guy is weird. Got me worried. Any clue as to what's going on?

Thanks in advance.

Offline thebrighter

  • New Member
  • Posts: 1
Re: SARG : Confused log report : How can denied users have downloads
« Reply #1 on: May 14, 2009, 04:45:35 AM »
Use an ACL to block him and watch his activity with tail -f <access.log file>. If he is still downloading, he must have another hole in the squid.conf file.
Implement them one by one and try to find out the exact matter.
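As an added example (not part of the original posts), one way to carry out the access.log check suggested above is to total the bytes column for TCP_DENIED entries per client and user. That column records the size of the reply Squid sent to the client, so a denied request still logs the bytes of Squid's own error or authentication-challenge page. The sketch assumes Squid's native log format; the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format (assumed):
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1242276301.101     3 172.16.64.64 TCP_DENIED/407 1795 GET http://example.com/a - NONE/- text/html
1242276301.250     2 172.16.64.64 TCP_DENIED/407 1802 GET http://example.com/b - NONE/- text/html
1242276302.004   180 172.16.64.10 TCP_MISS/200 48211 GET http://example.com/a abc DIRECT/192.0.2.10 text/html
1242276303.500     1 172.16.64.64 TCP_DENIED/403 1650 CONNECT example.org:443 - NONE/- text/html
1242276304.000     1 garbage line
"""


def summarize_denied(lines):
    """Group TCP_DENIED entries by (client IP, logged user).

    Returns {(client, user): {"requests": int, "bytes": int,
                              "statuses": {http_status: count}}}.
    A user of "-" means no username was logged for that request.
    """
    summary = defaultdict(
        lambda: {"requests": 0, "bytes": 0, "statuses": defaultdict(int)}
    )
    for line in lines:
        fields = line.split()
        if len(fields) < 10:          # skip truncated or malformed lines
            continue
        client, result, size, user = fields[2], fields[3], fields[4], fields[7]
        code, _, status = result.partition("/")
        if code != "TCP_DENIED" or not size.isdigit():
            continue
        entry = summary[(client, user)]
        entry["requests"] += 1
        entry["bytes"] += int(size)   # bytes of the reply sent to the client
        entry["statuses"][status] += 1
    # Convert nested defaultdicts to plain dicts for the caller.
    return {
        key: {**val, "statuses": dict(val["statuses"])}
        for key, val in summary.items()
    }


if __name__ == "__main__":
    for (client, user), info in summarize_denied(SAMPLE_LOG.splitlines()).items():
        print(client, user, info["requests"], info["bytes"], info["statuses"])
```

To run it against a real log, pass an open file object for access.log instead of the sample lines; a high count of 407 entries with user "-" points at authentication challenges rather than completed downloads.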

Offline tidalbobo

  • New Member
  • Posts: 2
Re: SARG : Confused log report : How can denied users have downloads
« Reply #2 on: May 14, 2009, 05:19:45 AM »
I'm not too sure about having a HOLE some place.
The rule is pretty basic.

It defines my_networks.
The allow is based on (my_networks AND LDAP password).
That's all.

If password is incorrect users are not allowed access. That part works fine.