Re: [squid-users] providing a secure basic authentication

From: Alex Sharaz <A.Sharaz@dont-contact.us>
Date: Thu, 23 Sep 2004 12:12:43 +0100

--On 23 September 2004 12:49 +0200 Henrik Nordstrom <hno@squid-cache.org>
wrote:

> On Thu, 23 Sep 2004, Alex Sharaz wrote:
>
>> This sounds interesting, given that almost every man and his dog is
>> using IE or mozilla/firefox anyone know if they suport proxy
>> connections over ssl?
>
> Not last time I looked, but there is a rumor that recent versions of
> mozilla/firefox may. Have not found it in the versions of Mozilla I have
> access to however.
>
o.k. i'm running the pre release version of firefox. I'll have a look.

> What works for all browsers is to use a ssl tunnel client. stunnel is a
> reasonable and free one.
>
Already using stunnel for email access through our firewall
works great.

> The principle when using an ssl tunnel is that you run a small SSL proxy
> gateway/tunnel on the client configured to connect to the proxy
> https_port, the client browser is then configured to use the local port
> of the SSL proxy.
>
> Browser -> (localhost) stunnel -> (SSL) Proxy https_port
>
> stunnel then wraps all requests send by the browser into an encrypted SSL
> tunnel and sends them to the proxy.
>
> If you have central administration of your Windows boxes it should not be
> too hard to push out the stunnel client and new proxy configuration to
> the clients.
>
The problem is that we don't. We are taking about personal pcs in the
Student Halls of Residence.
I don't impose proxy authentication on all of our users, just our students
and wireless lan users.

Still, I'll have a play and see what we can do. It would be better if there
was some way of not having to install something on the client.

Many thanks
alex
> Regards
> Henrik

Sent using Mulberry 3.1.2
Received on Thu Sep 23 2004 - 05:14:21 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT