Le 25/03/2018 à 13:08, Yuri a écrit :
The problem is not install proxy CA. The problem is identify client
has no proxy CA and redirect, and do it only one time.
On 25.03.18 13:46, Nicolas Kovacs wrote:
That is exactly the problem. And I have yet to find a solution for that.
Current method is instruct everyone - with a printed paper in the office
- to connect to proxy.company-name.lan and then get further instructions
from the page. This works, but an automatic splash page would be more
elegant.
25.03.2018 18:42, Matus UHLAR - fantomas пишет:
impossible and unsafe. The CA must be installed before such splash
page shows
On 25.03.18 18:44, Yuri wrote:
Possible. "Safe/Unsafe" should not be discussion when SSL Bump
implemented already.
it's possible to install splash page, but not install trusted authority
certificate. Using such authority on a proxy is the MITM attack and whole
SSL has been designed to prevent this.
without certificate, the browser complains which is a security measure
against this.
up and in such case the splash page is irelevant.
If you have windows domain, you can force security policy through it.
In enterprise environment with AD, yes. But hardly in service provider's
scenarious.
service providers should not do this without users' permission.
at least not in countries where the privacy is guaranteed by law.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users