Fallback to Non Authenticated

We are trying to achieve the following scenario - require all users to authenticate and if authentication fails, use default strict web filtering policy. Is it possible?

Unfortunately this is not possible. If you enable authentication Web UI will generate Squid’s acl asking everyone to authenticate. Proxy authentication either works or not. It is not possible to ask the user to authenticate and then when he fails assign a non-authenticated label to that user.

If you are able to separate the users that do not need to be authenticated by for example IP address, subnet or address range then simply add these to UI / Squid / Auth / Exclude by IP and these users will be excluded from authentication and thus processed by default web filtering policy.