Support for mapping client DNS name to user name in UserAlias file

darold / squidanalyzer

Squid Analyzer parses Squid proxy access log and reports general statistics about hits, bytes, users, networks, top URLs, and top second level domains. Statistic reports are oriented toward user and bandwidth control.

http://squidanalyzer.darold.net/

126 stars 36 forks source link

Support for mapping client DNS name to user name in UserAlias file #159

Closed dspruell closed 7 years ago

dspruell commented 7 years ago

The UserAlias map allows IP address or login name patterns on the right hand side, and on my installation I do not use proxy auth but I use UseClientDNSName to report the client's identity. Would it be possible to extend UserAlias syntax to allow matching on the client DNS name in addition to IP address? For example:

#-------------------------------------------------------------------------------
# Squid Analyzer User Alias configuration file
# FORMAT : FULL_USER_NAME       IP_ADDRESS|LOGIN_NAME|DNS_NAME,LOGIN_REGEX|DNS_REGEX
# Field separator must be one or more tabulation. Space in user name are not
# allowed. See example bellow
#-------------------------------------------------------------------------------
#MyFirstName    mylogin,192.168.1.12
#MyOtherNames   logon\d+
Julia           julia-\w+.wifi.example.net
John            john-laptop.lan.example.net

darold commented 7 years ago

Hi,

That's should be the case yet. When there's no auth the username is set to - in access.log file. When SquidAnalyzer found such a value for the login name, it is replaced by the client ip address and then if UseClientDNSName is enabled and a hostname is found, the login name (client ip address in this case) is replaced by the name returned by gethostbyaddr(). So when it is checked against a user alias, it is checked as a hostname, not an ip address.

Regards,

dspruell commented 7 years ago

D'oh. I should have tried what I submitted beforehand, of course it does work. My mistake was looking at the documentation header on the file to literally since it mentions only IP address | login name.

Is it possible to update the documentation to clarify that the right hand side can be a hostname when UseClientDNSName is enabled?

Also is it possible to allow space (0x20) in the username, since tabulation is used as the field separator in the file?

darold commented 7 years ago

Documentation fixed with commit 31467ff.

And yes you can use withe space in user name, the field separator is the tabulation. When using auth_proxy Squid replace the space in login name by %20 in access.log, this is also supported by SquidAnalyzer.

dspruell commented 7 years ago

Thanks for the clarification. I just want to check on the documentation as the comment header in user-aliases file notes:

...Space in user name are not allowed

Should the documentation be updated, since spaces may be used in the username?

darold commented 7 years ago

Commit bc2bfa2 update the documentation and user-aliases file. Thanks for the report.