On Tue, 2009-09-15 at 15:22 +1000, Adrian Chadd wrote:
> G'day. This question is aimed mostly at Henrik, who I recall replying
> to a similar question years ago but without explaining why.
>
> Why does Squid-2 return HTTP_PROXY_AUTHENTICATION_REQUIRED on a denied ACL?
>
> The particular bit in src/client_side.c:
>
> int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ||
> aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent;
>
> Is there any particular reason why auth is tried again? it forces a
> pop-up on browsers that already have done authentication via NTLM.
Because it should? Perhaps you can expand on where you are seeing this -
I suspect a misconfiguration or some such.
Its entirely appropriate to signal HTTP_PROXY_AUTHENTICATION_REQUIRED
when a user is denied access to a resource *and if they log in
differently they could get access*.
-Rob
This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:04 MDT