Hello again Henrik Thank you for your answer. My understanding of "deny_info" (with relation to "http_access deny") was just insufficient... It might look a little redundant, but according to Scott's advice I guess an appropriate squid.conf would be as follows: --- my squid.conf -- deny_info ERR_USER_AUTH_FAILED user_auth_acl deny_info ERR_MYACL_FAILED myacl http_access allow user_auth_acl myacl http_access deny !user_auth_acl http_access deny !myacl http_access deny all --- my squid.conf -- Thanks again. Regards, Norio > > In case 1. below, squid shows ERR_USER_AUTH_FAILED for user_auth_acl, > > however it shows not ERR_MYACL_FAILED but just ERR_ACCESS_DENIED for myacl... > > This is because you never deny requests by "myacl". Only "user_auth_acl" > (by not being authenticated yet) or the "all" acl when falling thru to the > "deny all" line. > > deny_info works by the acl which was active then the request was denied, > which makes it match two kinds of acls: > > a) The last acl on an http_access deny line > > b) An authentication related acl when the user is not yet authenticated as > this implicitly denies access to request the user to log in. > > Regards > Henrik
