On Wed, 2005-08-03 at 09:38 -0300, Carlos Zottmann wrote:
> The problem we are facing is that when a user hits a rule that denies
> access, squid falls back to basic authentication and prompts the user
> for a new username and password.
>
> How can we configure squid so it just shows de access denied error
> page in this case, instead of falling back to basic authentication?
Please keep the ML posted, it might be of interest to others.
Back to your question, are you sure it does fall back to basic auth? You
can discern basic versus NTLM auth by looking at the password dialog
box: if it asks for a domain (3 input fields) then it's actually doing
NTLM. Basic auth has 2 input fields.
I think you can work on that by rearranging your configuration file
(beware, it's untested).
Suppose you have an acl of users ("users") and an acl of denied sites
("noaccess").
I take your http_access looks something like
http_access deny users noaccess
http_access allow all
You could try to change it into:
http_access allow users !noaccess
http_access deny noaccess
http_access allow all
In this case the deny on the unallowed sites doesn't depend on the
username, and the behaviour could change. Then of course MSIE could just
do things its own way and be out of squid's control...
Kinkie
