I have Squid setup so that it performs NTLM authentication from a Windows 2003 Active Directory domain controller. It currently works without issue, allowing only properly authenticated users web browsing access and denying others. What I would like to do is block certain accounts from web browsing. When I implement such a block the users are presented with an authentication dialog box, and then ultimately receive the proper deny message in the browser. The problem is that I do not want them to be prompted for valid credentials; they should be immediately denied access. Here is the appropriate areas of my configuration: acl authenticated_users proxy_auth REQUIRED acl denied_admin proxy_auth_regex -i "/etc/squid/denied_admin" acl denied_users proxy_auth_regex -i "/etc/squid/denied_users" http_access deny denied_users http_access deny denied_admin deny_info ERR_ACCESS_DENIED_ADMIN denied_admin http_access allow authenticated_users http_access allow localhost http_access allow local_network http_access deny all Any ideas how I can get rid of the authentication dialog box that pops up and just have the deny message issued immediately? -- Scott Jarkoff
