Hi Henrik..
it is never easy is it ;0)
Looks like I will be maintaining whitelists for the foreseeable future!
Thanks for the reply
Jay
2012/2/4 Henrik Nordström <henrik_at_henriknordstrom.net>:
> lör 2012-02-04 klockan 13:23 +0000 skrev Jason Fitzpatrick:
>
>> I was hoping that if a client failed to authenticate then it would be
>> forwarded to the upstream and fall under what ever the default (un
>> authorized) ruleset is, known risky sites etc would be getting
>> filtered there,
>
> Unfortunately HTTP do not work in that way.
>
> Clients not supporting authentication sends requests without any
> credentials at all. Proxies (and servers) wanting to see authentication
> then rejects the request with an error "authentication required"
> challenging the client to present valid credentials.
>
> Clients supporting authentication also starts out by sending the request
> without any credentials at all like above. The difference is only how
> the client reacts to the received error. If the client supports
> authentication then it collects the needed user credentials and retries
> the same request but with user credentials this time.
>
> If the credentials is invalid then the authentication fails, which in
> most cases results in the exact same error as above to challenge the
> user to enter the correct credentials.
>
> Regards
> Henrik
>
-- "The only difference between saints and sinners is that every saint has a past while every sinner has a future. " — Oscar WildeReceived on Sun Feb 05 2012 - 13:33:50 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 05 2012 - 12:00:02 MST