Dropping requests when no authentication possible