[squid-users] Error page for failed authentication

[Amos Jeffries]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/10/2014 9:32 a.m., silblackw wrote:
> Hello,
> 
> I am setting up my squid to require user authentication with a
> digest. I have noticed that if authentication fails, it prompts the
> user again, and if the user clicks "cancel" then squid just refuses
> the connection. I am wondering if it is possible to change the
> behavior so that if authentication fails or the user clicks
> "cancel" squid instead redirects the user to an authentication
> failure page. Is this possible using the squid config file? What
> would be the best way of approaching this problem?

The page being displayed after cancel is suposed to be the payload of
the previous 407 message from the proxy. You can set it to any page
content you like using deny_info directive. But, be aware that the
popup is a browser features *designed* to hide that page whether they
actually display the payload or some "friendy" error of their own
choosing (hello MSIE) we can't control.

As for redirect. You can also do that with deny_info in the latest
Squid. However it is kind of a bad idea. Sending any 300-399 status
code tells the client that authentication has *succeeded*, and that
the URL it was requesting is found at the indicated new location. Some
redirect codes permanently change the browser history an bookmark
references, etc.
 Take great care.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUNgZBAAoJELJo5wb/XPRj7i4H/0GMQqEE5CfRg8nxyTF8VfX5
SCrUFEXeBEi1qaMxjIzKPDjUxVgh/6PS0YrX66ZJhJPdLg1Q7/qclA7n2wsXFpvr
w7eYhupHuZqxv+HTQ8x/y1t/mtloMJqAUgICbe8EHWATVU30wrNeNYkmiqyqYaaC
zKEh06+O3xKHLzNIJ7kZEOsQmQHwbjktx7MWmEQ2sqihanWQK6mEpb3w8JtPA1AJ
K9Dx5kCzqhj1Rwau/vN3LOa7QCpj/2rlK0CloBM36II1PLauB2Uco9xyySwsxxRs
b07eeuIxPDVE82iGMLNQlptEQ1qk+KKfe8W9vzDk6NP5VhjTa06CSRnschIu2wc=
=7n5D
-----END PGP SIGNATURE-----