Re: [squid-users] ACLs and http_access deny problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 28 May 2003 06:50:55 +0200

On Wednesday 28 May 2003 04.57, Josh Dixon wrote:

> I have a strange situation, where the acls are working as designed,
> and the http_access rules are denying and allowing as requested,
> but instead of displaying an error page to the browser, it prompts
> the user for their username & password.

Yes.

What you are seeing is most likely an intentional feature of Squid. If
a request is denied by an proxy_auth type acl then Squid will request
the user to authenticate with a new username+password.

The browser only shows the returned error page if the user cancels the
authentication request.

Example where this will happen

  acl somegroup proxy_auth user1 user2 user3
  http_access deny somesites somegroup

If you do not want this to happen then you need to deny the request by
another type of acl. In some cases this can be done as simple as just
writing the acls in another order

  http_access deny somegroup somesites

in other you may need to use a dummy "all" type acl (if you need to
combine this with detailed deny_info, then create multiple such acls,
one per deny_info message)

  http_access deny somesites somegroup all

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue May 27 2003 - 22:54:00 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:06 MST