I've simplified things as far as I can think to and still get what appear to be random TCP_DENIED/407 errors after I've been authenticated. Using Squid 2.7 STABLE 9, I'm now just using the digest_pw_auth authenticator with a single user pw file of test:test. If I turn off authentication there's no problem. But with authentication on I can't get much further than a page or two of sites like Yahoo.com or LATimes.com (sites with many resources) before I get a 407. I've run some wireshark captures and could post the http header request/responses if that helps any. I don't know the digest authentication protocol well enough to follow all the nonce transitions and all of that to see if it's a problem. Here is my squid.conf in hopes that someone might have some ideas on direction I could take in debugging this. Is there any way to get more info from Squid about why it's throwing 407's? _________________________________________________________________ auth_param digest realm US Proxy auth_param digest program /usr/local/squid/libexec/digest_pw_auth /tmp/pwfile auth_param digest children 5 auth_param digest nonce_garbage_interval 5 minutes auth_param digest nonce_max_duration 30 minutes auth_param digest nonce_max_count 50 acl all src all acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl authenticated proxy_auth REQUIRED http_access allow authenticated http_access deny all icp_access allow localnet icp_access deny all http_port 80 hierarchy_stoplist cgi-bin ? cache_dir ufs /mnt/sda2/cache-squid 100 16 256 logformat custom_verbose User[%un] TotalBytes[%st] ClientIP[%>a] LocalPort[%lp] SquidStatus[%Ss] URL[%ru] Time[%{%Y-%m-%d %H}tg:00:00] HttpStatus[%Hs] access_log /mnt/sda2/logs-squid/accesslog/access.log custom_verbose cache_store_log /mnt/sda2/logs-squid/store.log pid_filename /mnt/sda2/logs-squid/squid.pid cache_log /mnt/sda2/logs-squid/cache.log coredump_dir /mnt/sda2/logs-squid/core-dumps cache_effective_user squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache