By Steven Acreman <sacreman@gmail.com>:
1. IE sends a request for a page without any user
information. Squid logs this with a TCP_DENIED/407
status with no username.
2. IE sends a request for a page with only computer and
domain information. Squid logs this with a
TCP_DENIED/407 status with no username.
3. IE sends all of the authentication details. Squid
authenticates the request and logs it with the correct
username.
4. Subsequent requests on the same tcp connection are
automatically authenticated.
The problem is that the mysar importer script imports
the log entries with the TCP_DENIED/407 status codes to
the database. This means that the mysar webpage has two
entries for every host.. one contains the entries that
weren't authenticated. The other contains the entries
with the username.
MySAR should ignore DENIED records that are generated
prior to authentication, since they cannot be avoided.
Logged In: YES
user_id=1466076
this is going to be hard.
the only way I can see around this is that if we just drop
all TCP_DENIED/407 records to begin with. good
entries/requests should get logged with TCP_HIT/407 and
similar codes for users who are already authenticated.
This is another one of those good intention features that
require squid source code editing in order to make it work
right, since squid already uses an external program and
makes no reference if the user becomes authenticated or not.
3. IE sends all of the authentication details. Squid
authenticates the request and logs it with the correct
username.
Seems to me you can safely drop all TCP_DENIED/407 because in step 3. above the request is logged normally (ie not TCP_DENIED/407)