[squid-users] auth_param tls? limiting proxy access based on client TLS authentication

Bob Rich bobrich at gmail.com
Fri Nov 13 19:30:39 UTC 2020


Hi folks,

Apologies if this is a FAQ or has treatment elsewhere, but I can't find it.

I've got squid configured as an old-school explicit forward proxy.

I would like to limit access through the proxy to only those clients that
authenticate either to an HTTPS proxy listener or via client auth injected
into a CONNECT request to the origin server.  Please note that in this use
case the origin server is not expecting TLS auth in any way.  This is just
being used initially to prevent unauthenticated clients from using the
proxy.

Ideally we would be able to base access control on information derived from
subject DN or other attributes in the certificate, but I'm just aiming for
basic functionality right now.

I built 4.13 locally on Ubuntu, and as far as I can tell all of the other
SSL features are working (ssl_bump, generate-host-certificates, etc.).

Thanks in advance for any advice!