[squid-users] Peek'n Splice (ssl_bump) and authentication Somewhat OT: Content Filter with https
marcus.kool at urlfilterdb.com
Wed Jun 8 23:30:08 UTC 2016
On 06/08/2016 07:53 PM, Sergio Belkin wrote:
> Thanks Eliezer, good summary. I've changed the subject to reflect better the issue. As far I undestand from documention one can bump https only by interception.
No. ssl-bump works very well with regular proxy mode, i.e. the browsers configure the address and port of the proxy or use PAC.
> But what about if one Windows user login against an Active Directory, will the authenticacion work to use the proxy?
> I mean, what I'd want is:
> - Only users of an Active Directory can use the proxy
In regular proxy mode, authentication and peek+splice works fine.
Note that peek+splice does not require Squid CA certificates on the clients.
> - Block certains urls
> Is that possible with squid+ufwdbguard?
ufdbGuard works always, independent if Squid uses interception or not.
The issue is the messages that a browser displays for the end user (see earlier email).
More information about the squid-users