[squid-users] How to configure a "proxy home" page ?

Matus UHLAR - fantomas uhlar at fantomas.sk
Sun Mar 25 14:32:13 UTC 2018


>>> Le 25/03/2018 à 13:08, Yuri a écrit :
>>>> The problem is not install proxy CA. The problem is identify client
>>>> has no proxy CA and redirect, and do it only one time.
>>
>> On 25.03.18 13:46, Nicolas Kovacs wrote:
>>> That is exactly the problem. And I have yet to find a solution for that.
>>>
>>> Current method is instruct everyone - with a printed paper in the office
>>> - to connect to proxy.company-name.lan and then get further instructions
>>> from the page. This works, but an automatic splash page would be more
>>> elegant.

>25.03.2018 18:42, Matus UHLAR - fantomas пишет:
>> impossible and unsafe. The CA must be installed before such splash
>> page shows

On 25.03.18 18:44, Yuri wrote:
>Possible. "Safe/Unsafe" should not be discussion when SSL Bump
>implemented already.

it's possible to install splash page, but not install trusted authority
certificate.  Using such authority on a proxy is the MITM attack and whole
SSL has been designed to prevent this.

without certificate, the browser complains which is a security measure
against this.

>> up and in such case the splash page is irelevant.
>>
>> If you have windows domain, you can force security policy through it.

>In enterprise environment with AD, yes. But hardly in service provider's
>scenarious.

service providers should not do this without users' permission.
at least not in countries where the privacy is guaranteed by law.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.


More information about the squid-users mailing list