On 19/05/19 5:45 am, Jānis wrote: > Hi! > > It is clear for me how to limit access to proxy from specific IPs using > ACL. > I wish to create the config for the use of proxy over ssl from any > address. How would basic cfg look like assuming it is the only way how > to use proxy? > https_port 3127 tls-cert=/etc/squid/proxy.pem http_access allow all I hope you can see that this is *not* secure in any way. Simple TLS to a proxy only protects the in-transit bytes against spying. The proxy is an open-proxy for any attacker to use at will, and the TLS can trivially be MITM'd. You still need to have security checks (http_access rules) to check whether the client is authorized to use the proxy. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
