What about a key?
Either I do not understand something or there is something new in squid.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
Sent: Sunday, May 19, 2019 5:54 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: CFG for access using certificates

On 19/05/19 5:45 am, Jānis wrote:
> Hi!
>
> It is clear for me how to limit access to proxy from specific IPs using
> ACL.
> I wish to create the config for the use of proxy over ssl from any
> address. How would basic cfg look like assuming it is the only way how
> to use proxy?
>

  https_port 3127 tls-cert=/etc/squid/proxy.pem
  http_access allow all

I hope you can see that this is *not* secure in any way.

Simple TLS to a proxy only protects the in-transit bytes against spying.
The proxy is an open-proxy for any attacker to use at will, and the TLS
can trivially be MITM'd.

You still need to have security checks (http_access rules) to check
whether the client is authorized to use the proxy.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
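
Added example, not part of the mailing-list thread and not Squid project code: a small Python audit that flags the two gaps pointed out in the reply above (no client authorization, `http_access allow all`) and passes a constructed variant that requires a client certificate. The client CA path, the ACL name and the CN values are placeholders, and the check assumes an `https_port` without `clientca=` does not request client certificates.

```python
# The configuration quoted in the thread (described there as not secure).
WEAK = """\
https_port 3127 tls-cert=/etc/squid/proxy.pem
http_access allow all
"""

# Constructed hardened variant; the CA path, ACL name and CN values are placeholders.
HARDENED = """\
https_port 3127 tls-cert=/etc/squid/proxy.pem clientca=/etc/squid/client-ca.pem
acl trusted_clients user_cert CN laptop-01 laptop-02
http_access allow trusted_clients
http_access deny all
"""


def audit(conf):
    """Return a list of findings for one squid.conf text."""
    findings = []
    terminated = False  # set once a catch-all http_access rule has been seen
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not words:
            continue
        directive, args = words[0], words[1:]
        if directive == "https_port":
            # Assumption: without clientca= the listener asks no client for a certificate.
            if not any(a.startswith("clientca=") for a in args):
                port = " ".join(args[:1])
                findings.append("https_port %s: no clientca=, no client certificate check" % port)
        elif directive == "http_access" and not terminated and len(args) >= 2:
            action, acls = args[0], args[1:]
            if acls == ["all"]:
                terminated = True  # first matching rule wins; later rules are unreachable
                if action == "allow":
                    findings.append("http_access allow all: open proxy")
    if not terminated:
        findings.append("no catch-all 'http_access deny all' rule")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```
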