=== modified file 'src/auth/AclProxyAuth.cc'
--- src/auth/AclProxyAuth.cc	2013-06-05 20:21:26 +0000
+++ src/auth/AclProxyAuth.cc	2014-03-21 16:05:08 +0000
@@ -61,44 +61,47 @@
     type_ = rhs.type_;
     return *this;
 }
 
 char const *
 ACLProxyAuth::typeString() const
 {
     return type_;
 }
 
 void
 ACLProxyAuth::parse()
 {
     data->parse();
 }
 
 int
 ACLProxyAuth::match(ACLChecklist *checklist)
 {
     allow_t answer = AuthenticateAcl(checklist);
+    ACLFilledChecklist *filled = Filled(checklist);
 
     // convert to tri-state ACL match 1,0,-1
     switch (answer) {
     case ACCESS_ALLOWED:
+        if (filled->request->flags.sslBumped)
+            return 1; // AuthenticateAcl() already handled this bumped request
         // check for a match
         return matchProxyAuth(checklist);
 
     case ACCESS_DENIED:
         return 0; // non-match
 
     case ACCESS_DUNNO:
     case ACCESS_AUTH_REQUIRED:
     default:
         // If the answer is not allowed or denied (matches/not matches) and
         // async authentication is not in progress, then we are done.
         if (checklist->keepMatching())
             checklist->markFinished(answer, "AuthenticateAcl exception");
         return -1; // other
     }
 }
 
 wordlist *
 ACLProxyAuth::dump() const
 {