Hi Henrik, Thanks for your info. I just tried moving The http_access order around a bit with no luck.
I've actually had this working correctly previously, and when a user is authenticated, the error page is displayed, and the user is not asked for authentication. If the user cancels the authentication request, they are displayed a ERR_CACHE_ACCESS_DENIED error page instead of the ERR_ACCESS_DENIED error page. This is important, because the ERR_CACHE_ACCESS_DENIED page has been modified to provide them with information about authenticating, where the ERR_ACCESS_DENIED page has been modified to let them know that a site has been blocked. The acls I have are listed below. I've included the delay pools entries just in case. acl all src 0.0.0.0/0.0.0.0 acl exemptip src 192.168.1.133 acl local src 192.168.1.4 acl racp src 192.168.1.0/255.255.255.0 acl josh src 192.168.0.0/255.255.255.0 acl dialin src 192.168.1.240 192.168.1.241 192.168.1.242 192.168.1.243 192.168.1.244 acl sapted proxy_auth sapted acl kmoore proxy_auth kmoore acl mfrankland proxy_auth mfrankland acl network_admin proxy_auth jdixon psibbald acl societies proxy_auth ads anzbms ra asid csanz csanz-admin anzsn hgsa imsanz moga acl akovach proxy_auth akovach acl wlockley proxy_auth wlockley acl cedept proxy_auth achang akovach mfrankland sweir acl passwd proxy_auth REQUIRED acl gator dstdomain .gator.com acl webshots dstdomain .webshots.com acl passport dstdomain .passport.com acl hotmail dstdomain .hotmail.com .hotmail.passport.com .hotmail.msn.com acl productactivate dstdomain productactivation.one.microsoft.com acl vet dstdomain .vet.com.au acl opac src 192.168.1.129 192.168.1.154 acl yahoomail dstdomain .mail.yahoo.com acl bigbrother dstdomain .bigbrother.com.au .bigbrother.optus.com.au acl anonymizer dstdomain .anonymizer.com acl swflash urlpath_regex -i \swflash.cab acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl shockwaveplayer browser Shockwave acl iebrowser browser MSIE acl blocked_users proxy_auth "/etc/squid/blocked_users" deny_info ERR_BROWSER_DENIED iebrowser deny_info ERR_BLOCKED_USER blocked_users acl password.nolim proxy_auth "/etc/squid/proxy_auth_group.nolim" acl password2 proxy_auth "/etc/squid/proxy_auth_group.5k" acl password3 proxy_auth "/etc/squid/proxy_auth_group.10k" acl password4 proxy_auth "/etc/squid/proxy_auth_group.15k" acl password5 proxy_auth "/etc/squid/proxy_auth_group.20k" acl password6 proxy_auth "/etc/squid/proxy_auth_group.25k" acl password7 proxy_auth "/etc/squid/proxy_auth_group.30k" acl password8 proxy_auth "/etc/squid/proxy_auth_group.35k" http_access allow manager localhost http_access allow manager exemptip http_access allow manager local http_access allow manager network_admin http_access deny manager http_access deny all gator http_access deny all bigbrother http_access deny all !racp http_access deny all webshots http_access allow shockwaveplayer http_access allow vet opac http_access allow hotmail opac http_access allow passport opac http_access allow hotmail mfrankland http_access allow hotmail wlockley http_access allow yahoomail kmoore http_access allow all network_admin http_access allow !iebrowser akovach http_access allow !iebrowser network_admin http_access allow all societies http_access allow yahoomail sapted http_access deny all !iebrowser http_access deny all hotmail http_access deny all yahoomail http_access deny all swflash http_access deny all anonymizer http_access allow racp password.nolim http_access allow racp password8 http_access allow racp password7 http_access allow racp password6 http_access allow racp password5 http_access allow racp password4 http_access allow racp password3 http_access allow racp password2 http_access allow racp passwd http_access allow josh passwd http_access allow racp productactivate http_access deny all !passwd http_access deny all delay_initial_bucket_level 100 delay_pools 9 delay_class 1 2 delay_class 2 2 delay_class 3 2 delay_class 4 2 delay_class 5 2 delay_class 6 2 delay_class 7 2 delay_class 8 2 delay_class 9 2 delay_access 1 allow racp password.nolim delay_access 1 deny all delay_access 2 allow racp password2 delay_access 2 deny all delay_access 3 allow racp password3 delay_access 3 deny all delay_access 4 allow racp password4 delay_access 4 deny all delay_access 5 allow racp password5 delay_access 5 deny all delay_access 6 allow racp password6 delay_access 6 deny all delay_access 7 allow racp password7 delay_access 7 deny all delay_access 8 allow racp password8 delay_access 8 deny all delay_access 9 allow racp passwd delay_access 9 deny all delay_parameters 1 -1/-1 -1/-1 delay_parameters 2 -1/-1 5000/5000 delay_parameters 3 -1/-1 10000/10000 delay_parameters 4 -1/-1 15000/15000 delay_parameters 5 -1/-1 20000/20000 delay_parameters 6 -1/-1 25000/25000 delay_parameters 7 -1/-1 30000/30000 delay_parameters 8 -1/-1 35000/35000 delay_parameters 9 -1/-1 40000/40000 >>> Henrik Nordstrom <[EMAIL PROTECTED]> 28/05/2003 2:50:55 pm >>> On Wednesday 28 May 2003 04.57, Josh Dixon wrote: > I have a strange situation, where the acls are working as designed, > and the http_access rules are denying and allowing as requested, > but instead of displaying an error page to the browser, it prompts > the user for their username & password. Yes. What you are seeing is most likely an intentional feature of Squid. If a request is denied by an proxy_auth type acl then Squid will request the user to authenticate with a new username+password. The browser only shows the returned error page if the user cancels the authentication request. Example where this will happen acl somegroup proxy_auth user1 user2 user3 http_access deny somesites somegroup If you do not want this to happen then you need to deny the request by another type of acl. In some cases this can be done as simple as just writing the acls in another order http_access deny somegroup somesites in other you may need to use a dummy "all" type acl (if you need to combine this with detailed deny_info, then create multiple such acls, one per deny_info message) http_access deny somesites somegroup all Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]