[squid-users] Is there a way to allow connection according to user certificate?
Yuri Voinov
yvoinov at gmail.com
Thu May 5 16:17:13 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
05.05.16 22:07, Ser de Bronce пишет:
> Yuri,
>
> > But this is the default behaviour for proxy with auth
>
> I didn't know that.
> Initially I tested on iPhone using wi-fi connection and as I said
earlier there are wi-fi proxy settings on iPhone so user should type
them only once and then each browser and app works without asking
login/pass.
>
> > I still do not understand the purpose for which authentication is
required?
>
> This proxy will be available from anywhere, but I need to prevent
usage of this proxy by anyone, except my clients. This is the main purpose.
> I had a plan to give login and password to each client, but as I said
earlier this is not possible because of user experience reasons.
> Also I can't rely on MAC, IP or other indirect attributes.
Now understand. I see no better solution except external auth helper.
The only thing: there is not exists now in Squid with ready-to-use. It
contains only template.
>
> So I try to find other ways to check if user who is connecting to
proxy is my client or not.
> Right now I see only two ways here:
> 1) authentication by proxy server using certificates
> 2) authentication by some other server which accept certificates and
then redirecting connections to proxy.
Yep, something like OpenLDAP, OpenVPN or combination.
>
> As I said I'm novice and didn't use proxy earlier. Maybe you know
better solution.
Hm. Consider this:
http://wiki.squid-cache.org/ConfigExamples#Captive_Portal_features
>
> Best regards,
> Sergey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXK3IJAAoJENNXIZxhPexGKmwH/1JGpw1jD/GYGbuRHlOwuAP7
QU69ZZh0qd2T188Vs2gFgd9tc0dvVbxhkYljQPjdK2stDyQ5Ahzu/x8ke/Wp8Hhr
vHa7xVx1l4IP1tD9oEzfST7CovldVXjsHJ9/VLyIap2Cfszjhg4JRXwTblJjfOAM
r7qUSgUlHDDGcTxhEjXFp0pnVbJzN3NZXjLhyiuSUFESabxcyGXQUOHQMatjrLBu
XuZ9zwUu+1tUW3o72nYUytdB1gYMwgQePezDIYm+TX51fGu96SBN3qLyO96iQtzl
Iz8gNrqvJ1gWHgXLiMWznEckbHEBI3VTck38/VFyIs2P2Fzv+5hBOTp9s15APCI=
=R0my
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160505/828ec2a8/attachment.key>
More information about the squid-users
mailing list