Re: [squid-users] Block and allow connections by CA
On 12/19/19 5:56 AM, Patrícia Sousa wrote: > I would like to have an IoT device that only receives and sends requests > to and from certain devices that belong and are authenticated by a > specific certificate authority. Is it possible to block all other > connections or only allow connections from devices that belong to a > specific CA? Yes, I believe it is possible: * Squid can check (via an https_port configuration option) that a TLS client possesses a certificate signed by a specific CA. * Squid can check (via a ca_cert ACL) that a TLS server uses a certificate signed by a specific CA. This ACL can be applied during SslBump step3 processing, but there may be a way to sneak it in without using SslBump (or such a way can be added by modifying Squid). If ca_cert options are not enough, Squid can check other server certificate properties via a custom certificate validation daemon (which you would have to write). Or one could add support for more properties to the ca_cert ACL. Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] good guide to AntiVirus detection, squid4
Thanks Rafael, So to get this up and running can I install it on a centos 7 vm or does it have to be a Ubuntu? Also what squid version do I need to put on my vm for this to work as I don't see a squid install script Many thanks, Rob On Thu, 19 Dec 2019, 16:07 Rafael Akchurin, wrote: > Hello Robert, > > > > Please see scripts at > https://github.com/diladele/websafety/tree/release-7.2.0/core.ubuntu18 on > how we do that (if you do not need web filtering – just ignore that part). > > > > Best regards, > > Rafael > > > > *From:* squid-users *On > Behalf Of *robert k Wild > *Sent:* Thursday, 19 December 2019 16:03 > *To:* squid-users@lists.squid-cache.org > *Subject:* [squid-users] good guide to AntiVirus detection, squid4 > > > > hi all, hope your all well :) > > > > im looking after a good guide to set up real time antivirus on squid 4 for > all the traffic > > > > i have seen numerous tools for this like clamAV, C-icap, HAVP and i have > read since squid 3, squid comes with icap > > > > can i just use icap the build in one or shall i use something else to go > with it > > > > if anyone has got suggestions and can show me a good guide on how to do > it, that would be great > > > > thanks, > > rob > > > -- > > Regards, > > Robert K Wild. > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] good guide to AntiVirus detection, squid4
Hello Robert, Please see scripts at https://github.com/diladele/websafety/tree/release-7.2.0/core.ubuntu18 on how we do that (if you do not need web filtering – just ignore that part). Best regards, Rafael From: squid-users On Behalf Of robert k Wild Sent: Thursday, 19 December 2019 16:03 To: squid-users@lists.squid-cache.org Subject: [squid-users] good guide to AntiVirus detection, squid4 hi all, hope your all well :) im looking after a good guide to set up real time antivirus on squid 4 for all the traffic i have seen numerous tools for this like clamAV, C-icap, HAVP and i have read since squid 3, squid comes with icap can i just use icap the build in one or shall i use something else to go with it if anyone has got suggestions and can show me a good guide on how to do it, that would be great thanks, rob -- Regards, Robert K Wild. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] good guide to AntiVirus detection, squid4
hi all, hope your all well :) im looking after a good guide to set up real time antivirus on squid 4 for all the traffic i have seen numerous tools for this like clamAV, C-icap, HAVP and i have read since squid 3, squid comes with icap can i just use icap the build in one or shall i use something else to go with it if anyone has got suggestions and can show me a good guide on how to do it, that would be great thanks, rob -- Regards, Robert K Wild. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Block and allow connections by CA
Hello, I was researching a proxy service for access control, and I'm wondering if this service is capable of doing what I want. I would like to have an IoT device that only receives and sends requests to and from certain devices that belong and are authenticated by a specific certificate authority. Is it possible to block all other connections or only allow connections from devices that belong to a specific CA? Thank you, Best regards ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
