[squid-users] Is there a way to allow connection according to user certificate?
yvoinov at gmail.com
Thu May 5 16:17:13 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
05.05.16 22:07, Ser de Bronce пишет:
> > But this is the default behaviour for proxy with auth
> I didn't know that.
> Initially I tested on iPhone using wi-fi connection and as I said
earlier there are wi-fi proxy settings on iPhone so user should type
them only once and then each browser and app works without asking
> > I still do not understand the purpose for which authentication is
> This proxy will be available from anywhere, but I need to prevent
usage of this proxy by anyone, except my clients. This is the main purpose.
> I had a plan to give login and password to each client, but as I said
earlier this is not possible because of user experience reasons.
> Also I can't rely on MAC, IP or other indirect attributes.
Now understand. I see no better solution except external auth helper.
The only thing: there is not exists now in Squid with ready-to-use. It
contains only template.
> So I try to find other ways to check if user who is connecting to
proxy is my client or not.
> Right now I see only two ways here:
> 1) authentication by proxy server using certificates
> 2) authentication by some other server which accept certificates and
then redirecting connections to proxy.
Yep, something like OpenLDAP, OpenVPN or combination.
> As I said I'm novice and didn't use proxy earlier. Maybe you know
Hm. Consider this:
> Best regards,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2437 bytes
Desc: not available
More information about the squid-users