Hi Henrik.. it is never easy is it ;0) Looks like I will be maintaining whitelists for the foreseeable future! Thanks for the reply Jay 2012/2/4 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>: > lör 2012-02-04 klockan 13:23 +0000 skrev Jason Fitzpatrick: > >> I was hoping that if a client failed to authenticate then it would be >> forwarded to the upstream and fall under what ever the default (un >> authorized) ruleset is, known risky sites etc would be getting >> filtered there, > > Unfortunately HTTP do not work in that way. > > Clients not supporting authentication sends requests without any > credentials at all. Proxies (and servers) wanting to see authentication > then rejects the request with an error "authentication required" > challenging the client to present valid credentials. > > Clients supporting authentication also starts out by sending the request > without any credentials at all like above. The difference is only how > the client reacts to the received error. If the client supports > authentication then it collects the needed user credentials and retries > the same request but with user credentials this time. > > If the credentials is invalid then the authentication fails, which in > most cases results in the exact same error as above to challenge the > user to enter the correct credentials. > > Regards > Henrik > -- "The only difference between saints and sinners is that every saint has a past while every sinner has a future. " — Oscar Wilde
