Em 03/01/2019 12:37, stressedtux escreveu:
Hi guys! i need a hand to understand if it is possible to configure the proxy a particular way. Im needing to configure the proxy to allow at the same time: - a whitelist of sites that anyone that uses the proxy could use without login - and in addition to that i need to have specific ACLs for different authenticated users. I need to control both http and https connections to external sites. I can use sslbump but im having hard time configuring sslbump with proxy_auth, and on top of that, i need different acl whitelists for different users. Is this kind of configuration possible? Just trying to understand if im on a dead road :D Thanks in advanced! Tux
This link helped me a lot with ssl_bump: https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit To bump intercepted (implicit) https connections, you would need to add 'https_port' with 'intercept' option to another REDIRECTed port, considering the example from the link. To 'bump' connections you need to add your self-signed certificate to the clients' trusted store, or else they will always receive certificate errors in their browsers.
Keep in mind that you don't need to use ssl_bump to block/allow https sites in most cases (in explicit mode, for example). Bumping is most useful if you're willing to audit the users' access in a deeper level or cache web content from https websites. If setting up the clients is a problem to you, use 'splice' instead. It won't open the https traffic for you though.
The users and white-list part is a very common setup, there are lots of examples out there.
-Bruno _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
