On Tue, 2009-09-15 at 15:22 +1000, Adrian Chadd wrote: > G'day. This question is aimed mostly at Henrik, who I recall replying > to a similar question years ago but without explaining why. > > Why does Squid-2 return HTTP_PROXY_AUTHENTICATION_REQUIRED on a denied ACL? > > The particular bit in src/client_side.c: > > int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || > aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent; > > Is there any particular reason why auth is tried again? it forces a > pop-up on browsers that already have done authentication via NTLM.
Because it should? Perhaps you can expand on where you are seeing this - I suspect a misconfiguration or some such. Its entirely appropriate to signal HTTP_PROXY_AUTHENTICATION_REQUIRED when a user is denied access to a resource *and if they log in differently they could get access*. -Rob
signature.asc
Description: This is a digitally signed message part
