[squid-users] How to configure a "proxy home" page ?
Yuri
yvoinov at gmail.com
Sun Mar 25 15:41:54 UTC 2018
25.03.2018 20:32, Matus UHLAR - fantomas пишет:
>>>> Le 25/03/2018 à 13:08, Yuri a écrit :
>>>>> The problem is not install proxy CA. The problem is identify client
>>>>> has no proxy CA and redirect, and do it only one time.
>>>
>>> On 25.03.18 13:46, Nicolas Kovacs wrote:
>>>> That is exactly the problem. And I have yet to find a solution for
>>>> that.
>>>>
>>>> Current method is instruct everyone - with a printed paper in the
>>>> office
>>>> - to connect to proxy.company-name.lan and then get further
>>>> instructions
>>>> from the page. This works, but an automatic splash page would be more
>>>> elegant.
>
>> 25.03.2018 18:42, Matus UHLAR - fantomas пишет:
>>> impossible and unsafe. The CA must be installed before such splash
>>> page shows
>
> On 25.03.18 18:44, Yuri wrote:
>> Possible. "Safe/Unsafe" should not be discussion when SSL Bump
>> implemented already.
>
> it's possible to install splash page, but not install trusted authority
> certificate. Using such authority on a proxy is the MITM attack and
> whole
> SSL has been designed to prevent this.
Heh. If SSL designed - why SSL Bump itself possible? ;):-P
>
> without certificate, the browser complains which is a security measure
> against this.
Sure. It should.
>
>>> up and in such case the splash page is irelevant.
>>>
>>> If you have windows domain, you can force security policy through it.
>
>> In enterprise environment with AD, yes. But hardly in service provider's
>> scenarious.
>
> service providers should not do this without users' permission.
> at least not in countries where the privacy is guaranteed by law.
Thank you, Captain Obvious. :-) Enterprises also should get user
agreement before do that. Especially in BYOD scenarious.
All these things are well known here. The question was about technical
implementation, and not about the well-known truisms in the field of
security and privacy (in most cases of ephemeral).
--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180325/b491d38c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180325/b491d38c/attachment-0001.sig>
More information about the squid-users
mailing list