Hi Amos! Thanks for your answer: >> After the first (successful) authentication, some milliseconds >> later the failure (same user!). Apparently, no authentication data >> is provided. > > Yes. Consider this: * two packets leave your gateway router. Which > comes from client_1 and which comes from some attacker spoofing > client_1 IP ? Ok, I see the problem. But: > Check whether you have client persistent connections enabled. When > that is working the client traffic will all be sent over connections > it already knows need authentication, so you should see far less 407 > from the proxy. I found this in the Squid documentation: "By default, Squid uses persistent connections (when allowed) with its clients and servers. You can use these options to disable persistent connections with clients and/or servers." (http://www.squid-cache.org/Versions/v2/2.7/cfgman/client_persistent_connections.html) Nevertheless, I added the line client_persistent_connections on to my squid.conf and reloaded Squid. Unfortunately, the number of 407 messages in the log file didn't decrease ... But can you please tell me the meaning of "when allowed"? Is there anything to do at client side to allow persistent connections? Or elsewhere? Kind regards, Juergen