
Re: CFG for access using certificates


 




Quoting Amos Jeffries <squid3@xxxxxxxxxxxxx>
Sun, 19 May 2019 14:53:33 +1200:

> On 19/05/19 5:45 am, Jānis wrote:
>> Hi!
>>
>> It is clear to me how to limit access to the proxy from specific IPs using
>> ACL.
>> I wish to create a config for use of the proxy over SSL from any
>> address. What would a basic cfg look like, assuming it is the only way
>> to use the proxy?
>
>  https_port 3127 tls-cert=/etc/squid/proxy.pem
>  http_access allow all
>
> I hope you can see that this is *not* secure in any way. Simple TLS to a
> proxy only protects the in-transit bytes against spying. The proxy is an
> open-proxy for any attacker to use at will, and the TLS can trivially be
> MITM'd.
>
> You still need to have security checks (http_access rules) to check
> whether the client is authorized to use the proxy.

Could it be user/password authentication? Is it plain-text or also over SSL?

The other solution could be using SSL tunnels with private key authentication.

Janis
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
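
An added example, not part of the thread and not written by its participants: a squid.conf sketch of the two client-authorization approaches raised above, in place of `http_access allow all`. The helper path, password file, CA file, realm, certificate CN and ACL names are assumptions.

```conf
# Added example (not from the thread). File paths, realm and ACL names
# are assumptions; the helper path varies by distribution.

# --- Option A: username/password over the TLS listener ---
# Same listener as in the thread.
https_port 3127 tls-cert=/etc/squid/proxy.pem

# Basic credentials are only base64-encoded, but on an https_port they are
# sent inside the TLS session between client and proxy.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED

# Keep the stock Safe_ports / SSL_ports deny rules above these lines.
http_access allow authenticated
http_access deny all

# --- Option B: TLS client certificates (use instead of Option A) ---
# clientca= names the CA(s) whose client certificates Squid requests and
# verifies during the handshake.
#https_port 3127 tls-cert=/etc/squid/proxy.pem clientca=/etc/squid/clients-ca.pem
# Optionally restrict to specific certificate subjects (CN is a constructed value):
#acl cert_ok user_cert CN proxy-user-1
#http_access allow cert_ok
#http_access deny all
```

Running `squid -k parse` after editing checks the file for syntax errors before the proxy is reloaded.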



