[squid-users] Is there a way to allow connection according to user certificate?
yvoinov at gmail.com
Thu May 5 13:13:50 UTC 2016
05.05.16 19:06, Ser de Bronce wrote:
> Dear Amos and Yuri, thanks a lot for your answers.
> Sorry for the mess, I'm novice here.
> As it turned out my proxy is not transparent...
> By "some reasons" I meant clients' experience reasons, let me explain.
> I use explicit proxy and my clients connect to proxy using iPhone only.
> I installed self-signed certificate on every iPhone and made
> It works perfect for wi-fi connection, because in this case iPhone
> gives a possibility to specify proxy domain, port, login and password.
> However to make them connect to proxy using mobile internet I had to
> install APN profile on each iPhone. Inside APN profile I can specify
> domain and port, but not login and pass (APN doesn't have such
> settings). So when client opens browser using mobile internet he is
> asked for login/pass every time. This situation is not appropriate for
> me so I can't use login/pass.
But this is the default behaviour for proxy with auth.
I still do not understand the purpose for which authentication is required?
> I'm thinking that maybe it's possible to replace login/pass
> authentication with certificate authentication.
> I want to authenticate users using a digital certificate they already
> have on their iPhone.
> I found some articles about certificate authentication for reverse
> proxy, but can't find anything about explicit one.
A reverse proxy is a different thing from a forwarding/transparent proxy.
AFAIK there is no solution for what you asked.
But you can be first.
I see this:
1. You can write an external auth helper, with Perl/Python/etc. for
2. You can set up DHCP with option 252 to push proxy.pac to your clients.
3. You can tell us about success ;)
> Is it possible?
In theory, everything is possible, which does not contradict the laws of
> Best Regards,