On Wed, 2005-03-02 at 16:31 +0100, Werner.Rost@xxxxxx wrote: > Squid 2.5 S7 usese a Bluecoat as parent proxy. Sometimes Bluecoat gives > access-denied errors and all further requests of the user are denied. > > A Bluecoat administrator posted this problem in the appropiate list: > > http://forums.bluecoat.com/viewtopic.php?p=382#382 > > Now there is the question: > > What auth mode are you using? Sounds like squid has a persistent single > connection to ProxySG. ProxySG will remember that that session was > authenticated as a specific user, and subsequent requests on that same TCP > connection would be considered authenticated from that first user. It is a blatant violation of the HTTP protocol specifications (and incidentally is the way NTLM works). If that is what's happening, Bluecoat needs to clean its act up. I sincerely hope that they at least have some configuration option to turn this behaviour off, or at least that they do not claim HTTP compliance. Kinkie
