Re: [squid-users] secure authentication between browser and squid redux

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 13 Nov 2007 22:52:24 +0100

No, the situation is still the same with support for encrypted proxy
connections missing from all browsers.

There are no general frameworks for out-of-band authentication for Squid
published, but it's not very hard. Plugs in to Squid via the external
acl mechanism feeding Squid with the current username identified as
using the requesting client station IP..

Please note that any such scheme falls down more or less completely the
day you have inner proxies. Still possible, but gets much harder to
implement properly.. (requires X-Forwarded-For, and complete trust in the
inner proxies).

On ons, 2007-11-07 at 14:41 -0800, Jay Krous wrote:
> I am wondering if anything has changed regarding browser support for SSL
> enabled proxy authentication. This is the last I see on the issue.
>
> >> 2006-12-07
> >> I'm trying to set up a squid proxy with a secure LDAP
> >> authentication communication between browser (firefox) and squid .
>
> > Difficult, as neither MSIE nor Firefox supports SSL encrypted proxy
> > connections..
>
> Neither digest, ntlm, nor stunnel on clients are attractive options for
> us to secure browser proxy auth. We use LDAP.
>
> Are there other generalized methods being used to handle proxy
> authentication from browser to squid securely? For example, front
> ending the proxy authentication with a webpage and passing a message to
> squid to allow proxy to those who authenticate on the webpage. Or does
> everyone roll their own?
>
> Thanks much in advance.
>
> -Jay

Received on Tue Nov 13 2007 - 14:52:39 MST
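
The out-of-band scheme described in the reply above, sketched as an external ACL helper. This is an added example, not code from the original thread or from the Squid project. It assumes the helper is registered with an `external_acl_type` line that passes `%SRC`, and that a separate web login page records which user logged in from which IP; the session table, TTL value and function names are hypothetical. The helper looks only at the connecting address, so behind an inner proxy every user would share that proxy's IP, which is the limitation the reply points out.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: map client IP -> user from a web login."""
import ipaddress
import sys
import time

SESSION_TTL = 900  # seconds a portal login stays valid (assumed policy)

# Constructed sample data. In a deployment the login page would write
# these records to a store that this helper reads (hypothetical design).
SESSIONS = {
    "192.0.2.10": ("alice", 1000.0),   # (username, login timestamp)
    "192.0.2.11": ("bob", 100.0),
}


def lookup(ip, sessions, now):
    """Return the username logged in from ip, or None if absent/expired."""
    try:
        key = str(ipaddress.ip_address(ip.strip()))
    except ValueError:
        return None                      # malformed input never matches
    entry = sessions.get(key)
    if entry is None:
        return None
    user, logged_in_at = entry
    if now - logged_in_at > SESSION_TTL:
        return None                      # stale login: force re-auth
    return user


def answer(line, sessions, now):
    """Build the reply line Squid expects for one request line (%SRC)."""
    fields = line.split()
    user = lookup(fields[0], sessions, now) if fields else None
    return "OK user=%s" % user if user else "ERR"


def main():
    # Squid writes one lookup per line and reads one reply per line.
    for line in sys.stdin:
        sys.stdout.write(answer(line, SESSIONS, time.time()) + "\n")
        sys.stdout.flush()               # replies must not sit in a buffer


if __name__ == "__main__":
    main()
```

Because the IP address stands in for the user, a short session TTL and a short ACL cache time limit how long a reassigned or shared address keeps someone else's identity.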
