[squid-users] CFG for access using certificates
ngtech1ltd at gmail.com
ngtech1ltd at gmail.com
Mon May 20 16:44:11 UTC 2019
What about a key?
Either I do not understand something or there is something new in squid.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Sunday, May 19, 2019 5:54 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] CFG for access using certificates
On 19/05/19 5:45 am, Jānis wrote:
> Hi!
>
> It is clear for me how to limit access to proxy from specific IPs using
> ACL.
> I wish to create the config for the use of proxy over ssl from any
> address. How would basic cfg look like assuming it is the only way how
> to use proxy?
>
https_port 3127 tls-cert=/etc/squid/proxy.pem
http_access allow all
I hope you can see that this is *not* secure in any way. Simple TLS to a
proxy only protects the in-transit bytes against spying. The proxy is an
open-proxy for any attacker to use at will, and the TLS can trivially be
MITM'd.
You still need to have security checks (http_access rules) to check
whether the client is authorized to use the proxy.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list