But in that case, ACCESS_REQ_PROXY_AUTH would be returned rather than ACCESS_DENIED..
Adrian 2009/9/15 Robert Collins <[email protected]>: > On Tue, 2009-09-15 at 15:22 +1000, Adrian Chadd wrote: >> G'day. This question is aimed mostly at Henrik, who I recall replying >> to a similar question years ago but without explaining why. >> >> Why does Squid-2 return HTTP_PROXY_AUTHENTICATION_REQUIRED on a denied ACL? >> >> The particular bit in src/client_side.c: >> >> int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || >> aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent; >> >> Is there any particular reason why auth is tried again? it forces a >> pop-up on browsers that already have done authentication via NTLM. > > Because it should? Perhaps you can expand on where you are seeing this - > I suspect a misconfiguration or some such. > > Its entirely appropriate to signal HTTP_PROXY_AUTHENTICATION_REQUIRED > when a user is denied access to a resource *and if they log in > differently they could get access*. > > -Rob >
