[squid-users] can squid handle indirect request from clients ?

snakeeyes ahmed.zaeem at netstream.ps
Wed Feb 18 19:57:37 UTC 2015


Great,
Another question,
Does it differ if it was an http request or an https request?

I want to authenticate https requests and I would like to buy a trusted certificate for that.

Do you think it will be possible?

-----Original Message-----
From: Eliezer Croitoru [mailto:eliezer at ngtech.co.il] 
Sent: Tuesday, February 17, 2015 2:26 PM
To: squid-users at lists.squid-cache.org
Cc: snakeeyes
Subject: Re: [squid-users] can squid handle indirect request from clients ?

Hey,

There are a couple of ways to look at authentication, and some would sometimes trade authorization for authentication and vice versa.

In some environments there is a mix of both terms which is required to build a logical service unit.
I do not have all my archives but I remember that someone asked about a single sign-on system which grants access, using a login page, to many in-campus systems.
It was based on a very complex system which I do not remember right now.

There are options to run some process triggered by a radius server login or any other system that would be considered the authorization authority to mark a specific IP as ALLOWED or under some group.
I know that there are many network systems which use a network level authorization and it is very useful.
The main difference between directly authenticating to squid vs 3rd party authentication is the way and level of authentication.

For example, a radius server with an enterprise level switch and/or wifi access point can provide an authentication encryption layer which squid direct authentication cannot provide, no matter what you do.
Of course, in many cases it will require absolute reliability and should not allow mistakes.
One rule of thumb in the radius lands network authentication security level is:
Every authenticated user can be only identified with one IP at a time.

So yes squid doesn't support a direct proxy authentication level in intercept and tproxy modes BUT using some external_acl helpers it's pretty simple to connect squid and an external authentication system. 
Here the answer turns the tables and makes it possible to authenticate even in intercept and tproxy mode, but not in the same way many might think of.

All The Bests,
Eliezer

On 18/02/2015 04:04, snakeeyes wrote:
> Thanks Eliezer, but does it support other types like radius authentication?
>
> I mean, are all types of authentication forbidden in intercept mode?
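
The external_acl approach described in Eliezer's reply, as an added example that is not part of the original messages or of Squid's own code: a helper that answers Squid's `%SRC` lookups from a table of IPs that an external system (for instance a RADIUS accounting hook) has already authenticated. The table format, file paths, ACL names and `SESSION_TTL` are assumptions; the helper keeps only each user's newest login so a user maps to one IP at a time.

```python
#!/usr/bin/env python3
"""Squid external_acl helper (added example): map a client IP to a user that
an external system, e.g. a RADIUS-backed switch or AP, already authenticated.

Assumed squid.conf wiring; helper path, table path and ACL names are hypothetical:
  external_acl_type ip_session ttl=30 negative_ttl=5 %SRC /usr/local/bin/ip_session.py /var/run/ip_sessions
  acl radius_ok external ip_session
  http_access allow radius_ok
"""
import ipaddress
import sys
import time

SESSION_TTL = 8 * 3600  # assumed maximum session age in seconds
# Constructed sample table: "ip user login_epoch"; alice moved to a new IP.
SAMPLE = "192.0.2.10 alice 1000\n192.0.2.11 bob 1500\n192.0.2.99 alice 2000\n"


def load_sessions(lines, now):
    """Parse records into {ip: user}, keeping only each user's newest login
    so that a user is identified with one IP at a time."""
    newest = {}  # user -> (login_epoch, ip)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ip, ts = str(ipaddress.ip_address(parts[0])), int(parts[2])
        except ValueError:
            continue  # malformed record: skip it rather than trust it
        fresh = 0 <= now - ts <= SESSION_TTL
        if fresh and ts >= newest.get(parts[1], (-1, ""))[0]:
            newest[parts[1]] = (ts, ip)
    return {ip: user for user, (ts, ip) in newest.items()}


def answer(request, sessions):
    """Reply to one request line from Squid (the %SRC address)."""
    try:
        ip = str(ipaddress.ip_address(request.strip()))
    except ValueError:
        return "ERR"  # fail closed on anything that is not an address
    user = sessions.get(ip)
    return f"OK user={user}" if user else "ERR"


if __name__ == "__main__":
    for req in sys.stdin:  # one lookup per line; re-read the table each time
        with open(sys.argv[1]) as table:
            print(answer(req, load_sessions(table, time.time())), flush=True)
```

The helper assumes Squid's default non-concurrent helper protocol (no channel ID prefix on request lines), and its verdict is only as trustworthy as the external system that writes the table.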



