Background: we are using Squid internally to replicate customer
environments which require proxy transit for most if not all HTTP/REST
comms, in order to facilitate bug replication and dev/test of software
which must operate in those environments.
I would like to configure Squid with a set of allow-listed domains such
that unauthenticated CONNECTs to sites within those domains succeed,
_unless_ the following conditions are met:
* if a client preemptively sends a Proxy-Authenticate header anyway,
without first receiving a 407
* _and_ that header is invalid (bad username/password, unsupported
authN method, &c),
...in which case I want the CONNECT to get a standard 407 response.
Is this conditional possible with Squid's ACL structure? I can't see a
way to make it happen in Squid 3.5 running on Amazon linux, although
I've discovered a couple new ways of generating authentication loops. :/
Thanks for any help/pointers,
Ole
--
Ole Craig | o...@macmillan-craig.net
McQuary was far too generous.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
