2016-06-08 20:30 GMT-03:00 Marcus Kool <marcus.kool@xxxxxxxxxxxxxxx>:
On 06/08/2016 07:53 PM, Sergio Belkin wrote:
Thanks Eliezer, good summary. I've changed the subject to reflect better the issue. As far I undestand from documention one can bump https only by interception.
No. ssl-bump works very well with regular proxy mode, i.e. the browsers configure the address and port of the proxy or use PAC.
But what about if one Windows user login against an Active Directory, will the authenticacion work to use the proxy?
I mean, what I'd want is:
- Only users of an Active Directory can use the proxy
In regular proxy mode, authentication and peek+splice works fine.
Note that peek+splice does not require Squid CA certificates on the clients.
With peek+splce I block urls without CA certificates on the clients? Remember I mean urls, not only domains!
- Block certains urls
Is that possible with squid+ufwdbguard?
ufdbGuard works always, independent if Squid uses interception or not.
The issue is the messages that a browser displays for the end user (see earlier email).
Marcus
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
