Chris, I'm glad I saw this post today as I also would like to just get rid of the authentication prompt when as user attempts to use the Web when listed in my denied_users ACL. It works perfectly as you said when adding "all" to the end of the http_access deny statement. However, now I'd like to use a custom error page when this occurs. Instead of the stock "Access Denied" page and its reasons, I made one that tells the user the reasons why their access may be denied (no AUP signed or inappropriate use, etc.) This works perfectly when my squid.conf is like this: acl denied_users proxy_auth_regex -i '/etc/squid/denied_users' deny_info ERR_USER_ACCESS_DENIED denied_users http_access deny denied_users but if I do this: acl denied_users proxy_auth_regex -i '/etc/squid/denied_users' deny_info ERR_USER_ACCESS_DENIED denied_users http_access deny denied_users all then the normal ERR_ACCESS_DENIED error page comes up. Is there a way to make this work (custom error message) while NOT prompting the user for authorization? I guess I could modify the ERR_ACCESS_DENIED but I don't want to confuse things if it comes up for some other reason other than being part of the denied_users ACL. I suppose I could just ADD to the current error page info that would help the user understand what's going on... Thanks, Geoff -----Original Message----- From: Chris Robertson [mailto:crobertson@xxxxxxx] Sent: Tuesday, March 28, 2006 10:56 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: outright deny Covington, Chris wrote: >Hi all, > >I've got an NTLM Group deny working: > >external_acl_type ntlm_group ttl=0 concurrency=5 %LOGIN >/usr/lib/squid/wbinfo_group.pl >acl NTLMNoAccess external ntlm_group Internet_Access_None >http_access deny NTLMNoAccess >http_reply_access deny NTLMNoAccess > >The issue is that when a user is a member of Internet_Access_None, >they get prompted to login rather than just seeing the >ERR_CACHE_ACCESS_DENIED (ERR_ACCESS_DENIED?) page. How can I setup an >outright deny when a member is in Internet_Access_None? > > If I remember correctly, if Squid denies access due to a proxy_auth ACL, it will prompt for different credentials. Changing your http_access line to... http_access deny NTLMNoAccess all ...should clear this up. I think. >thanks >--- >Chris Covington >IT >Plus One Health Management >75 Maiden Lane Suite 801 >NY, NY 10038 >646-312-6269 >http://www.plusoneactive.com > > Chris
