I'm having a real bear of a time getting this to work correctly. I've got a Squid proxy setup that authenticates to AD, and does AD group based filtering. It all works great, but I can't get the custom access denied pages to work. The way I have it setup right now is if a student is a member of a specific group for restricting Internet usage they will only be able to browse by means of a white list. For this specific ACL dealing with the white list I want the customized denied page to show when they try and browse to a site outside of that list. All that I can get to show is the default access denied page.

http_access allow WhiteListSites
http_access deny NoInetAccess all
Now, if I take the "all" of off the end of third line then I can get custom error page to display, but the browser will prompt for credentials. If the line is left as is, no prompt will be made, but the default access is denied page is displayed. This is driving me nuts. Anyone out there been through this once? Thanks....