Squid authentication encryption

ssl squid

Solution 1:

You could use HTTP Digest authentication with squid. This way the passwords would not be passed clear-text. This is quite easy to configure, no certificated needed, little overhead. I have successfully used it for some time in a small company.

There are some problems with this approach, though:

  • Many HTTP clients have digest authentication implementation broken.
  • You will probably not be able to use your current ('encrypted') password database.

Solution 2:

See http://squid-web-proxy-cache.1019090.n4.nabble.com/Simple-Kerberos-Squid-configuration-received-type-1-NTLM-token-td2553379.html#a2553379.

Using SSO (Kerberos) with Firefox as client (on a Windows Xp client and Linux server with Kerberos and no AD and no LDAP if not needed) is a solution.

Solution 3:

You can create an ACL using the user_cert ACL Type in squid.conf.

acl ssl_authentication user_cert somecertattributevalue

Then create filters using that ACL.

http_access deny all
http_access allow ssl_authentication

Related

Using slapcat to backup LDAP
Mail command using alternative SMTP port?
Can I set a default domain for a Windows Authenticated website in IIS7?
Sharepoint Backup
Perl search & replace
How can I monitor the TCP traffic to a port for a given IP?
Can you download Hyper-V?
Providing high availability and failover using MySQL on EC2
Why are there two backplane connectors inside a Dell poweredge r410?
How to launch a process after some period of inactivity in Windows?
Difference between CurrentClockSpeed and MaxClockSpeed
How do I reset all BITS jobs from PowerShell?