[squid-users] tproxy sslbump and user authentication

Vieri rentorbuy at yahoo.com
Mon Apr 20 23:08:31 UTC 2020


Is it possible to somehow combine the filtering capabilities of tproxy ssl-bump for access to https sites and the access control flexibility of proxy_auth (eg. kerberos)?

Is having two proxy servers in sequence an acceptable approach, or can it be done within the same instance with the CONNECT method?

My first approach would be to configure clients to send their user credentials to an explicit proxy (Squid #1) which would then proxy_auth via Kerberos to a PDC. ACL rules would be applied here based on users, domains, IP addr., etc.

The http/https traffic would then go forcibly through a tproxy ssl-bump host (Squid #2) which would basically analyze/filter traffic via ICAP.

Has anyone already dealt with this problem, and how?



More information about the squid-users mailing list