Morning all..

I have a requirement to have my squid servers authenticate users before forwarding requests to an upstream server which does content filtering based on the X-Forwarded headers in the requests, and all seems to be working quite well so far (internal traffic is routed via the squids without the need to authenticate).

I do have one issue though: clients that are unable to authenticate (Windows Update / Java updates etc). I want to set up the system so that it will attempt to authenticate the user, and if the authentication fails the request is routed regardless.

Is such a thing possible? I have tried all sorts of configurations but the logic to the rules still escapes me!

Thanks for any suggestions

Jay

--
"The only difference between saints and sinners is that every saint has a past while every sinner has a future." — Oscar Wilde