commit a220b5730ec8e3018da3a4f74b118f2a05f23d8d (refs/remotes/origin/v3.5)
Author: Vadim Aleksandrov <v.verdel@gmail.com>
Date:   2018-01-24 05:12:06 +0300

    Fix 889fc47 for SSL bumping with an authentication type other than the Basic (#104)
    
    Commit 889fc47 was made to fix issue with Basic authentication and SSL bumping. But after this commit we can no longer properly use http_access with proxy_auth/proxy_auth_regex ACL because that type of ACL always return 1(match) regardless of the conditions in the rules.
    
    Use the caches authentication results (if any) instead of a fixed 1(match) result.

diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc
index e457b1e..052e469 100644
--- a/src/auth/AclProxyAuth.cc
+++ b/src/auth/AclProxyAuth.cc
@@ -165,10 +165,10 @@ int
 ACLProxyAuth::matchProxyAuth(ACLChecklist *cl)
 {
     ACLFilledChecklist *checklist = Filled(cl);
-    if (checklist->request->flags.sslBumped)
-        return 1; // AuthenticateAcl() already handled this bumped request
-    if (!authenticateUserAuthenticated(Filled(checklist)->auth_user_request)) {
-        return 0;
+    if (!checklist->request->flags.sslBumped) {
+        if (!authenticateUserAuthenticated(checklist->auth_user_request)) {
+            return 0;
+        }
     }
     /* check to see if we have matched the user-acl before */
     int result = cacheMatchAcl(&checklist->auth_user_request->user()->proxy_match_cache, checklist);