On Mon, 15 Jun 2009 15:51:54 -0500 (CDT), Al - Image Hosting Services <azick@xxxxxxxxxxxxxxxxxxxx> wrote: > Hi, > > On Mon, 15 Jun 2009, Amos Jeffries wrote: >> On Sun, 14 Jun 2009 20:28:28 -0500 (CDT), Al - Image Hosting Services >> <azick@xxxxxxxxxxxxxxxxxxxx> wrote: >>> Hi, >>> >>> After thinking about it, I decided that if a person lost their password, >>> that I should have away for them to retrieve it without needing me, so I >>> added an acl to unblock a site so it would work without authentication. >>> Where I have a problem is that it looks like you can try wrong usernames >>> and passwords all day. Could someone tell me how many times a user will >> be >>> able to type in their username and password before squid will give the >>> ERR_CACHE_ACCESS_DENIED page? Or if there is even a way to change this >>> number. I would like people to see the error page after maybe 10 tries. >> If >>> this can't be changed, then I will need to find another way to deal with >>> this issue. >>> >>> Best Regards, >>> Al >> >> Zero times. It is displayed immediately when auth credentials are missing >> or bad. >> >> The problem you have now is that the error page is hidden by the browsers >> and converted into that popup everyone is so familiar with. > > I must admit that I really expected to get this answer, but I need to be > sure. Do you know if there is any kind of work around? > > Thanks, > Al Hmm. I'm thinking this is something useful we need to add to Squid. Patches to Squid-3 welcome if anyone wants wants something to do. I'm working on theory here so testing and tuning are in order before this goes live. I'm thinking you may be able to do it by altering the response headers. It may only work in squid-3 where the headers are available separately too. deny_info http://your.domain.invalid/authpage.html dummy reply_header_access deny !auth dummy Where dummy is an external ACL testing to see how many times the user has passed bad credentials in a row. You can probably get this by passing %SRC %<{Proxy-Authenticate} Amos
