[squid-users] tproxy sslbump and user authentication

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Apr 21 12:40:55 UTC 2020

>On Tuesday, April 21, 2020, 8:29:28 AM GMT+2, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> Please see the FAQ:
>> <https://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication_together_with_interception_proxying.3F>
>> Why bother with the second proxy at all? The explicit proxy has access
>> to all the details the interception one does (and more - such as
>> credentials). It should be able to do all filtering necessary.

On 21.04.20 12:33, Vieri wrote:
>Can the explicit proxy ssl-bump HTTPS traffic and thus analyze traffic with ICAP + squidclamav, for instance?


>Simply put, will I be able to block, eg. 
> https://secure.eicar.org/eicarcom2.zip not by mimetype, file extension,
> url matching, etc., but by analyzing its content with clamav via ICAP?

without bumping, you won't be able to block by anything, only by secure.eicar.org

>> TPROXY and NAT are for proxying traffic of clients which do not support
>> HTTP proxies. They are hugely limited in what they can do. If you have
>> ability to use explicit-proxy, do so.
>Unfortunately, some programs don't support proxies, or we simply don't care
> and want to force-filter traffic anyway.

of course, but it has drawbacks.
You need to create own certificate and push it to clients/applications.
Some applications may refuse the certificate anyway 

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)

More information about the squid-users mailing list