Hi Alex, > > My scenario is: > > I have a serverless API that needs to connect to a couple specific > > targets from a static IP. > > As this serverless API doesn't have a static IP, I thought to do this > > through a proxy server. > > That's why I need to enforce security on the authentication layer. > > And, I presume, you do not trust the API to only request what it should. > If you trust the API, then you do not need the allowed_target check. > > Also, if possible, consider using certificate-based authentication > rather than HTTP authentication to authenticate your clients to Squid. > Certificate-based authentication happens earlier, before Squid has to > deal with all the dangers of HTTP negotiations. That's a good point. First, I can trust the requester API, but I can't trust the source network, it's on the cloud and sure it has other applications in the same public network. I also plan to send these requests through NAT from a static IP, so I can accept requests only from a specific IP. The idea of using Certificate-based authentication is really good. Is it possible to do this between client-squid or do you mean client-to-other-end? Thanks Ronan _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
