G'day. This question is aimed mostly at Henrik, who I recall replying
to a similar question years ago but without explaining why.
Why does Squid-2 return HTTP_PROXY_AUTHENTICATION_REQUIRED on a denied ACL?
The particular bit in src/client_side.c:
int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ||
aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent;
Is there any particular reason why auth is tried again? it forces a
pop-up on browsers that already have done authentication via NTLM.
I've written a patch to fix this in Squid-2.7:
http://www.creative.net.au/diffs/2009-09-15-squid-2.7-auth_required_on_auth_acl_deny.diff
I'll create a bugtraq entry when I have some more background
information about this.
Thanks,
adrian
Received on Tue Sep 15 2009 - 05:29:24 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:04 MDT