
Re: sslBump somehow interferes with authentication


On 12/11/2015 7:12 a.m., Eugene M. Zheganin wrote:
> 
> As soon as I add sslBump, everything that is bumped starts to be
> blocked by 'http_access deny unauthorized' (everything that's spliced
> works as intended). And I completely cannot understand why. Yes, I can
> remove this line, but this way I'm losing deny_info for specific cases
> when someone fails to authorize, and plus - without sslBump it was
> working, right? Please help me understand this and solve the issue.
> 

Proxy-authentication cannot be performed on MITM'd traffic. That
includes SSL-bump decrypted messages.

However, unlike the other methods, SSL-bump CONNECT wrapper messages in
explicit-proxy traffic can be authenticated and their credentials
inherited by the messages decrypted. Squid should be doing that. But
again cannot do it for the fake/synthetic ones it generates itself on
intercepted port 443 traffic.

So the question becomes, why are foo and bar ACLs not matching?
 http_access rules are applied separately to the CONNECT wrapper message
and to the decrypted non-CONNECT HTTP message(s).

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
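
As an added illustration of the reply above (not the poster's configuration and not taken from the thread), a minimal explicit-proxy squid.conf fragment in which the same http_access rules are evaluated once for the CONNECT wrapper and again for each decrypted request, with ACL debugging enabled to show which rule matches which message. The file paths, auth helper, realm and the ACL names `authed` and `step1` are assumptions, and the `http_port` option spelling follows Squid 3.5.

```conf
# Added example: paths, helper and ACL names are assumptions.

# Explicit (forward) proxy port with SSL-bump enabled.
http_port 3128 ssl-bump cert=/etc/squid/bump-ca.pem generate-host-certificates=on

# Basic proxy authentication (hypothetical helper and password file).
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy

acl authed proxy_auth REQUIRED
acl step1 at_step SslBump1

# Peek at the TLS client hello, then bump.
ssl_bump peek step1
ssl_bump bump all

# These rules run for the CONNECT request, where the client can be
# challenged for credentials, and run again for every decrypted request
# inside the bumped tunnel. A deny rule that relies on something only
# present on one of the two message types will match on the other.
http_access deny !authed
http_access allow authed
http_access deny all

# Write ACL evaluation (debug section 28) to cache.log so the CONNECT
# and the decrypted requests can be compared rule by rule.
debug_options ALL,1 28,3
```

With this in place, cache.log shows the ACL checks for the CONNECT and for the decrypted requests as separate evaluations, which is where a non-matching ACL becomes visible.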