ffredrixson@xxxxxxxxxxx wrote:
-------------- Original message ----------------------
From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
ffredrixson@xxxxxxxxxxx wrote:
I'm trying to provide an externally available proxy to our employees. This way
they can have the same basic protection when traveling that they get when
they're inside our corporate walls.
What acls or rules do I need to be looking at?
I'm a newbie and just trying to keep my job.
Thank you in advance.
Safest ones are auth IMO. They can use any net connection, and link in
through the proxy to get anywhere.
After the local accepts and before the global external denial.
Amos
--
Please use Squid 2.7.STABLE2 or 3.0.STABLE6
Thank you for your quick reply.
What auth would you recommend? The powers above decided it shouldn't be Active Directory. What other auth is recommended? is there any based on a cert installed on the laptops? Or could it be cookie based? (I know it sounds like a dumb question but I know I'll be asked) Anything to avoid login and password would be great.
Thank you again.
Well, the thing about login/password is that its built into HTTP and
gets through almost any intermediate systems. You could implement some
fancy side-band setups, but they are more risky and prone to errors.
There are plenty of back ends to Basic Auth, its simple and users do
understand it. If its a problem with security there is digest auth with
encrypted name/password nonce.
Amos
--
Please use Squid 2.7.STABLE2 or 3.0.STABLE6
