[squid-users] Secure basic authentication on Squid

Yuri yvoinov at gmail.com
Wed Dec 6 12:10:44 UTC 2017



06.12.2017 16:57, Matus UHLAR - fantomas пишет:
>>> On Wed, Dec 6, 2017 at 7:01 AM, Jason Haar wrote:
>>>> To reiterate Alex, "yes you can".
>>>>
>>>> Squid supports "proxy over TLS" as well as the old/default "proxy
>>>> over TCP"
>>>> - you use the https_port option
>>>>
>>>> ...but getting browsers to support it is challenging. The best way
>>>> would be
>>>> to create a WPAD file that tells browsers to use "HTTPS" instead of
>>>> "PROXY".
>>>> Then you can just use Proxy-Authentication using Basic and you'd be
>>>> all set.
>
>> On 06/12/17 21:32, Mathieu Peltier wrote:
>>> Is this secure proxy well supported by other applications than
>>> browsers in general (eg: wget, curl, yum, git, svn, php, ...)?
>>> Thanks,
>
> On 06.12.17 22:58, Amos Jeffries wrote:
>> Most of the non-Browser tools have been supporting TLS explicit
>> proxies for decades already and have comparativly easy control over
>> it. Browsers are the latecomers here.
>
> but they mostly do not support WPAD, because they do not support
> javascript.
>
> there is sw called libproxy that supports at least the part needed for
> WPAD
> but I'm not sure how many of those tools support it.
>
.... however CLI tools often understand http_proxy/https_proxy
environment variables.....

-- 
"Some people, when confronted with a problem, think «I know, I'll use regular expressions.» Now they have two problems."
--Jamie Zawinsk

**************************
* C++: Bug to the future *
**************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 512 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171206/1c890631/attachment.sig>


More information about the squid-users mailing list