
Re: Peek'n Splice (ssl_bump) and authentication Somewhat OT: Content Filter with https


 





On 06/09/2016 11:26 PM, Sergio Belkin wrote:


2016-06-08 20:30 GMT-03:00 Marcus Kool <marcus.kool@xxxxxxxxxxxxxxx>:



    On 06/08/2016 07:53 PM, Sergio Belkin wrote:


        Thanks Eliezer, good summary. I've changed the subject to reflect better the issue. As far as I understand from the documentation, one can bump https only by interception.


    No.  ssl-bump works very well with regular proxy mode, i.e. the browsers configure the address and port of the proxy or use PAC.

        But what if a Windows user logs in against an Active Directory, will the authentication work to use the proxy?

        I mean, what I'd want is:

        - Only users of an Active Directory can use the proxy


    In regular proxy mode, authentication and peek+splice works fine.
    Note that peek+splice does not require Squid CA certificates on the clients.




With peek+splice, can I block URLs without CA certificates on the clients? Remember I mean URLs, not only domains!

No. To block HTTPS URLs one needs ssl_bump with peek+bump mode for all blocked URLs (see my message of June 8).
With peek+bump ufdbGuard can block anything you like and produce understandable messages to the end user.

Marcus

        - Block certain URLs

        Is that possible with squid+ufdbGuard?


    ufdbGuard always works, independent of whether Squid uses interception or not.
    The issue is the messages that a browser displays for the end user (see earlier email).

    Marcus
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
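
The setup discussed in this thread, as an added squid.conf sketch that is not part of the original messages or of the ufdbGuard documentation: an explicit (non-intercepting) proxy that requires Active Directory authentication, splices most TLS traffic, and bumps only the domains where full-URL filtering is wanted. All file paths, the Kerberos principal, the ACL names and the domain list file are assumptions; the `cert=` option is the Squid 3.5 spelling.

```conf
# Explicit proxy port: browsers are configured with this address or via PAC.
# The CA certificate (assumed path) is only used for connections that are bumped.
http_port 3128 ssl-bump generate-host-certificates=on cert=/etc/squid/ssl/proxyCA.pem

# Active Directory authentication via Negotiate/Kerberos.
# Helper path and service principal are assumptions for this example.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.example.internal@EXAMPLE.INTERNAL
auth_param negotiate children 10
acl ad_users proxy_auth REQUIRED

# Only authenticated AD users may use the proxy. In explicit proxy mode
# the CONNECT request itself is authenticated, before any TLS handling.
http_access deny !ad_users
http_access allow ad_users
http_access deny all

# Step 1: peek at the TLS ClientHello to learn the server name (SNI).
acl step1 at_step SslBump1
ssl_bump peek step1

# Domains where individual URLs must be filtered (assumed list file,
# one domain per line). These connections are bumped, so clients must
# trust the proxy CA for them.
acl url_filtered ssl::server_name "/etc/squid/url_filtered_domains.txt"
ssl_bump bump url_filtered

# Everything else is spliced: Squid sees only the host name, the TLS
# session stays end to end, and no CA certificate is needed on clients.
ssl_bump splice all

# URL filter helper. On spliced connections it can decide on the host
# name only; on bumped connections it receives the full https:// URL.
# The ufdbgclient path is an assumption.
url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient
url_rewrite_children 16
```

Keeping the `url_filtered` list short limits TLS interception to the sites where path-level blocking is actually needed; everything else can still be blocked per domain without a CA on the clients.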



