Re: [squid-users] Is there a way to allow connection according to user certificate?
Yuri,

> But this is the default behaviour for proxy with auth

I didn't know that. Initially I tested on an iPhone using a wi-fi connection, and as I said earlier there are wi-fi proxy settings on the iPhone, so the user should type them only once and then each browser and app works without asking for login/pass.

> I still do not understand the purpose for which authentication is required?

This proxy will be available from anywhere, but I need to prevent usage of this proxy by anyone except my clients. This is the main purpose. I had a plan to give a login and password to each client, but as I said earlier this is not possible because of user experience reasons. Also I can't rely on MAC, IP or other indirect attributes. So I am trying to find other ways to check whether the user who is connecting to the proxy is my client or not.

Right now I see only two ways here:
1) authentication by the proxy server using certificates
2) authentication by some other server which accepts certificates and then redirects connections to the proxy.

As I said, I'm a novice and didn't use a proxy earlier. Maybe you know a better solution.

Best regards,
Sergey
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Is there a way to allow connection according to user certificate?
Dear Amos and Yuri,

thanks a lot for your answers. Sorry for the mess, I'm a novice here. As it turned out, my proxy is not transparent...

By "some reasons" I meant clients' experience reasons, let me explain. I use an explicit proxy and my clients connect to the proxy using iPhone only. I installed a self-signed certificate on every iPhone and set up login/pass authentication. It works perfectly for a wi-fi connection, because in this case the iPhone gives a possibility to specify the proxy domain, port, login and password. However, to make them connect to the proxy using mobile internet I had to install an APN profile on each iPhone. Inside the APN profile I can specify the domain and port, but not the login and pass (APN doesn't have such settings). So when a client opens the browser using mobile internet he is asked for login/pass every time. This situation is not appropriate for me, so I can't use login/pass.

I'm thinking that maybe it's possible to replace login/pass authentication with certificate authentication. I want to authenticate users using a digital certificate they already have on their iPhone. I found some articles about certificate authentication for a reverse proxy, but can't find anything about an explicit one. Is it possible?

Best Regards,
Sergey
Re: [squid-users] Is it possible to log request's proxy hostname in the access log?
Thank you for the immediate answer, Antony.

Best Regards,
Sergey

2016-04-21 23:26 GMT+03:00 Antony Stone <antony.st...@squid.open.source.it>:

> On Thursday 21 April 2016 at 22:21:15, Ser de Bronce wrote:
>
> > I have a squid server that can be accessed from multiple subdomains.
> > For example, user A does a proxy request on "aaa.myproxy.com" and user B on
> > "bbb.myproxy.com"
> > Is it possible to log which subdomain was requested by the user?
>
> No, because DNS resolves both hostnames to the IP address of your proxy, and
> the requests are then sent to that IP address. The requests contain no
> information about the hostname which the client thought the proxy should
> have.
>
> Antony.
>
> --
> Most people are aware that the Universe is big.
>
>  - Paul Davies, Professor of Theoretical Physics
>
> Please reply to the list;
> please *don't* CC me.
[squid-users] Is it possible to log request's proxy hostname in the access log?
Hi there,

Maybe someone already knows a solution:

I have a squid server that can be accessed from multiple subdomains. For example, user A does a proxy request on "aaa.myproxy.com" and user B on "bbb.myproxy.com"

Is it possible to log which subdomain was requested by the user?

Best Regards,
Sergey