Hi, Amos > Um, what is your use-case here? > * Squid logging into the ICAP server? > * Performing Basic auth with different realms based on ICAP criteria? +------+ |server| +-+----+ | ---+--+--------- | +----+-----+ +-------------+ +----------+ | squid | <------> | ICAP server | <---> | AD | +----------+ reqmod +-------------+ auth +----------+ | ---+--+--------- | +-+----+ |client| +------+ * The ICAP server has BASIC authentication feature "by itself". So, ICAP server returns HTTP/1.0 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="XXXXX" * I don't use squid's authentication feature. I'd like squid to permit the header. Do you understand ? Sincerely, -- Mikio Kishi On Sun, Aug 15, 2010 at 10:40 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Mikio Kishi wrote: >> >> Hi, all >> >> If the icap server(reqmod) responses the following, >> >> HTTP/1.0 407 Proxy Authentication Required >> Proxy-Authenticate: Basic realm="XXXXX" >> >> squid try to delete the Proxy-Authenticate header .... >> >>> client_side_reply.cc >>> 1218 // if there is not configured a peer proxy with login=PASS >>> option enabled >>> 1219 // remove the Proxy-Authenticate header >>> 1220 if ( !(request->peer_login && >>> strcmp(request->peer_login,"PASS") ==0)) >>> 1221 reply->header.delById(HDR_PROXY_AUTHENTICATE); >> >> The above codes is that. For your information, squid 3.0 is no problem. >> What do you think ? >> >> Squid version: 3.1.6 > > Um, what is your use-case here? > * Squid logging into the ICAP server? > * Performing Basic auth with different realms based on ICAP criteria? > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.6 > Beta testers wanted for 3.2.0.1 >