But in that case, ACCESS_REQ_PROXY_AUTH would be returned rather than
ACCESS_DENIED.
Adrian
2009/9/15 Robert Collins <robertc_at_robertcollins.net>:
> On Tue, 2009-09-15 at 15:22 +1000, Adrian Chadd wrote:
>> G'day. This question is aimed mostly at Henrik, who I recall replying
>> to a similar question years ago but without explaining why.
>>
>> Why does Squid-2 return HTTP_PROXY_AUTHENTICATION_REQUIRED on a denied ACL?
>>
>> The particular bit in src/client_side.c:
>>
>> int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ||
>> aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent;
>>
>> Is there any particular reason why auth is tried again? It forces a
>> pop-up on browsers that already have done authentication via NTLM.
>
> Because it should? Perhaps you can expand on where you are seeing this -
> I suspect a misconfiguration or some such.
>
> It's entirely appropriate to signal HTTP_PROXY_AUTHENTICATION_REQUIRED
> when a user is denied access to a resource *and if they log in
> differently they could get access*.
>
> -Rob
>
Received on Tue Sep 15 2009 - 06:09:52 MDT
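An added example, not from the thread or from Squid's source: a simplified C model of the `require_auth` expression quoted above, showing when an already-authenticated user who fails a deny rule gets 407 instead of 403. The structs, the `staff` ACL, the user `alice`, and the assumption that `AclMatchedName` names the last ACL evaluated on the matching line (modelled by `last_matched_is_auth`) are illustrative.

```c
#include <stdio.h>

/* Simplified model, not Squid code; enum names follow the thread. */
typedef enum { ACCESS_DENIED, ACCESS_ALLOWED, ACCESS_REQ_PROXY_AUTH } allow_t;
typedef enum { ACL_SRC, ACL_PROXY_AUTH } acl_type;
typedef struct { const char *name; acl_type type; int negate; } acl_ref;
typedef struct { int allow; acl_ref acls[3]; int n; } access_rule;
typedef struct { const char *user; int group_ok; int transparent; } request;

static int last_matched_is_auth; /* stands in for aclIsProxyAuth(AclMatchedName) */

/* Walk http_access-style rules; the first rule whose ACLs all match decides. */
static allow_t check_access(const access_rule *rules, int nrules, const request *r)
{
    for (int i = 0; i < nrules; i++) {
        int matched = 1;
        for (int j = 0; j < rules[i].n && matched; j++) {
            const acl_ref *a = &rules[i].acls[j];
            if (a->type == ACL_PROXY_AUTH && r->user == NULL)
                return ACCESS_REQ_PROXY_AUTH; /* no credentials sent yet */
            int m = (a->type == ACL_PROXY_AUTH) ? r->group_ok : 1; /* ACL_SRC models "all" */
            matched = a->negate ? !m : m;
            last_matched_is_auth = (a->type == ACL_PROXY_AUTH);
        }
        if (matched)
            return rules[i].allow ? ACCESS_ALLOWED : ACCESS_DENIED;
    }
    /* No rule matched: the default is the opposite of the last rule. */
    return rules[nrules - 1].allow ? ACCESS_DENIED : ACCESS_ALLOWED;
}

/* The expression from src/client_side.c, applied to the model's answer. */
static int reply_status(const access_rule *rules, int nrules, const request *r)
{
    last_matched_is_auth = 0;
    allow_t answer = check_access(rules, nrules, r);
    if (answer == ACCESS_ALLOWED)
        return 200;
    int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || last_matched_is_auth) && !r->transparent;
    return require_auth ? 407 : 403;
}

/* Constructed rule sets: "deny !staff" versus "deny !staff all". */
static const access_rule auth_last[] = { {0, {{"staff", ACL_PROXY_AUTH, 1}}, 1} };
static const access_rule all_last[] = { {0, {{"staff", ACL_PROXY_AUTH, 1}, {"all", ACL_SRC, 0}}, 2} };

int main(void)
{
    request u = {"alice", 0, 0}; /* authenticated, but not in "staff" */
    printf("auth ACL last: %d, \"all\" last: %d\n", reply_status(auth_last, 1, &u), reply_status(all_last, 1, &u));
    return 0;
}
```

In this model the re-challenge appears only when the deny line ends on the authentication ACL; ending it on a non-authentication ACL yields a plain 403 for a user who is already logged in.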