[squid-users] Peek'n Splice (ssl_bump) and authentication Somewhat OT: Content Filter with https
Sergio Belkin
sebelk at gmail.com
Fri Jun 10 02:26:16 UTC 2016
2016-06-08 20:30 GMT-03:00 Marcus Kool <marcus.kool at urlfilterdb.com>:
>
>
> On 06/08/2016 07:53 PM, Sergio Belkin wrote:
>
>>
>> Thanks Eliezer, good summary. I've changed the subject to reflect better
>> the issue. As far I undestand from documention one can bump https only by
>> interception.
>>
>
> No. ssl-bump works very well with regular proxy mode, i.e. the browsers
> configure the address and port of the proxy or use PAC.
>
> But what about if one Windows user login against an Active Directory, will
>> the authenticacion work to use the proxy?
>>
>> I mean, what I'd want is:
>>
>> - Only users of an Active Directory can use the proxy
>>
>
> In regular proxy mode, authentication and peek+splice works fine.
> Note that peek+splice does not require Squid CA certificates on the
> clients.
>
With peek+splce I block urls without CA certificates on the clients?
Remember I mean urls, not only domains!
>
> - Block certains urls
>>
>> Is that possible with squid+ufwdbguard?
>>
>
> ufdbGuard works always, independent if Squid uses interception or not.
> The issue is the messages that a browser displays for the end user (see
> earlier email).
>
> Marcus
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160609/a6a18297/attachment.html>
More information about the squid-users
mailing list