On 06/09/2016 11:26 PM, Sergio Belkin wrote:
2016-06-08 20:30 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com
<mailto:marcus.k...@urlfilterdb.com>>:
On 06/08/2016 07:53 PM, Sergio Belkin wrote:
Thanks Eliezer, good summary. I've changed the subject to reflect
better the issue. As far I undestand from documention one can bump https only
by interception.
No. ssl-bump works very well with regular proxy mode, i.e. the browsers
configure the address and port of the proxy or use PAC.
But what about if one Windows user login against an Active Directory,
will the authenticacion work to use the proxy?
I mean, what I'd want is:
- Only users of an Active Directory can use the proxy
In regular proxy mode, authentication and peek+splice works fine.
Note that peek+splice does not require Squid CA certificates on the clients.
With peek+splce I block urls without CA certificates on the clients? Remember I
mean urls, not only domains!
No. To block HTTPS URLs one needs ssl_bump with peek+bump mode for all blocked
URLs (see my message of June 8).
With peek+bump ufdbGuard can block anything you like and produce understandable
messages to the end user.
Marcus
- Block certains urls
Is that possible with squid+ufwdbguard?
ufdbGuard works always, independent if Squid uses interception or not.
The issue is the messages that a browser displays for the end user (see
earlier email).
Marcus
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
