-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 05.05.16 19:06, Ser de Bronce пишет: > Dear Amos and Yuri, thanks a lot for your answers. > > Sorry for the mess, I'm novice here. > As it turned out my proxy is not transparent... > > By "some reasons" I meant clients' experience reasons, let me explain. > > I use explicit proxy and my clients connect to proxy using iPhone only. > I installed self-signed certificate on every iPhone and made login/pass authentication. > It works perfect for wi-fi connection, because in this case iPhone gives a possibility to specify proxy domain, port, login and password. > However to make them connect to proxy using mobile internet I had to install APN profile on each iPhone. Inside APN profile I can specify domain and port, but not login and pass (APN doesn't have such settings). So when client opens browser using mobile internet he is asked for login/pass every time. This situation is not appropriate for me so I can't use login/pass. But this is the default behaviour for proxy with auth. I still do not understand the purpose for which authentication is required? > > I'm thinking that maybe it's possible to replace login/pass authentication with certificate authentication. > I want to authenticate users using a digital certificate they already have on their iPhone. > > I found some articles about certificate authentication for reverse proxy, but can't find anything about explicit one. Reverse proxy is different thing against forwarding/transparent proxy. AFAIK there is no solution you asked. But you can be first. I see this: 1. You can write external auth helper, with Perl/Pyton/etc. for authentification. 2. You can setup DHCP with 252 option for push proxy.pac to your clients. 3. You can tell us about success ;) > Is it possible? In theory, everything is possible, which does not contradict the laws of physics. :) > > Best Regards, > Sergey > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXK0cOAAoJENNXIZxhPexGUG4H/3uMpUgrRnO1kILD+jGr96+4 7JVAm6NUrmnzseYLz2BkXtWPCb2fWxsOoQOWXdwHZR9YtpsM6aSFG+zG0nRzGWFs /nicGIThegKRfD6ONhumRPKzDKdIhEx+XSKcoaxB0q157ncTsgrazvoyLYetza+5 iTNSR30WNdqoslR5GlJDW4etTO88xfCu+trrhFI3yKFevzbq9xkrfBC06K0+RX2U twaAHJToGRoiAhEsrhD9MwxxGj4E8NUYGvhaAfINyqSjXNJhQ0d4eTwTp18Dok13 ae/ake0f0aSnrCN7riBMS5iIINvwKMf/bTCibMGSJ1TVnr7B5K6RNVR3eqtQ0lU= =pQ4f -----END PGP SIGNATURE-----
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
