On 11/05/2012 6:31 a.m., Usuário do Sistema wrote:
Hello all,
I'm again with a old issue for me that I have never been able figure out it.
I allow a main url: http://www.tbanc.cl and in log show me that's ok as follow.
TCP_MISS/200 10699 GET http://www.tbanc.cl/TBanc/ShowProperty? ereyes
DIRECT/199.186.28.41 image/x-png1336673689.620 150 192.9.201.65
but that url has some links to others sites which is blocked for this
user "ereyes" so the authentication screen pop-up constantly!
TCP_DENIED/407 1833 GET http://www.google-analytics.com/ga.js ereyes
NONE/- text/html
it's possible hide that authentication screen ? the proxy is
integrated with Active Directory by NTLM.
You need to separate the authorize and authenticate oprations.
What you are currently doing is dropping a request for an already logged
in user saying they are not presenting the right credentials to access
that resource. Of course the browser is going to ask the user what the
right credentials are.
For example:
# check login, reject if not
http_access deny !loggedin
# only logged in users can get here...
# ... so check if they are allowed access to this site.
http_access deny unwanted_sites
# otherwise do whatever for allowing them access.
http_access allow ...
Amos
