Background: we are using Squid internally to replicate customer
environments which require proxy transit for most if not all
HTTP/REST comms, in order to facilitate bug replication and
dev/test of software which must operate in those environments.
I would like to configure Squid with a set of allow-listed
domains such that unauthenticated CONNECTs to sites within those
domains succeed, _unless_ the following conditions are met:
- if a client preemptively sends a Proxy-Authenticate header
anyway, without first receiving a 407
- _and_ that header is invalid (bad username/password,
unsupported authN method, &c),
...in which case I want the CONNECT to get a standard 407
response.
Is this conditional possible with Squid's ACL structure? I can't
see a way to make it happen in Squid 3.5 running on Amazon linux,
although I've discovered a couple new ways of generating
authentication loops. :/
Thanks for any help/pointers,
Ole
--
Ole Craig | olc@xxxxxxxxxxxxxxxxxxx
McQuary was far too generous.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
