[squid-users] Peek'n Splice (ssl_bump) and authentication Somewhat OT: Content Filter with https

Marcus Kool marcus.kool at urlfilterdb.com
Wed Jun 8 23:30:08 UTC 2016



On 06/08/2016 07:53 PM, Sergio Belkin wrote:
>
> Thanks Eliezer, good summary. I've changed the subject to reflect better the issue. As far I undestand from documention one can bump https only by interception.

No.  ssl-bump works very well with regular proxy mode, i.e. the browsers configure the address and port of the proxy or use PAC.

> But what about if one Windows user login against an Active Directory, will the authenticacion work to use the proxy?
>
> I mean, what I'd want is:
>
> - Only users of an Active Directory can use the proxy

In regular proxy mode, authentication and peek+splice works fine.
Note that peek+splice does not require Squid CA certificates on the clients.

> - Block certains urls
>
> Is that possible with squid+ufwdbguard?

ufdbGuard works always, independent if Squid uses interception or not.
The issue is the messages that a browser displays for the end user (see earlier email).

Marcus


More information about the squid-users mailing list