Re: [squid-users] SSL sites bypass authentication

From: Milen Pankov <mail_at_milen.pankov.eu>
Date: Mon, 19 Mar 2012 21:46:48 +0200

On 19.03.2012 19:09, Matus UHLAR - fantomas wrote:
>
> it's impossible for the proxy to pass error page to the browser, when
> the user bypasses the proxy and connects to the website directly.
>
> You must deny direct access to HTTPS (port 443) sites by a firewall and
> force browsers to use the proxy, if you want to control access on the
> proxy.
>
> However, as long as HTTPS is encrypted, the only way you can allow/deny
> users using some sites, is having list of sites (IP addresses) that will
> be allowed (and deny access to others) or denied (and allow access to
> others).

Hi,

Yes, I understand that. However, as the direct traffic to port 443 happens
on the client computer and not on the server, I don't have access to
every client computer to block access to port 443 by a firewall, and I
don't think that is necessary. The user may or may not use the proxy;
it's up to the user. However, if he has configured the browser to use a
proxy and the browser does not use the proxy (although the user refused to
authenticate), that's the problem. As I said, however, I first thought it
was a browser problem, but it appears not to be, as I can reproduce it on
different browsers. Maybe it is not only a squid problem; it may be
both a browser and a squid problem, I don't know.

Regards,
Milen
Received on Mon Mar 19 2012 - 19:51:49 MDT
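
One way to separate the two cases discussed in this thread (the proxy opening HTTPS tunnels without credentials versus the client going direct), as an added example that is not part of the original message. The function names, the default target and the sample replies are assumptions made for illustration.

```python
import socket

def classify_connect_reply(raw: bytes) -> str:
    """Classify a proxy's reply to a CONNECT sent without credentials."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    if status == 407:
        # A 407 without a challenge gives the browser nothing to answer.
        return "auth-enforced" if "proxy-authenticate" in headers else "auth-broken"
    if 200 <= status < 300:
        # The proxy opened the tunnel although no credentials were sent.
        return "tunnel-open-without-auth"
    if status == 403:
        return "denied-by-acl"
    return "other-%d" % status

def probe(proxy_host, proxy_port, target="example.com:443", timeout=5.0):
    """Send one CONNECT with no Proxy-Authorization header to your own proxy."""
    req = ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, target)).encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(req)
        buf = b""
        while b"\r\n\r\n" not in buf and len(buf) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify_connect_reply(buf)

# Constructed sample replies (not captured from a real proxy).
SAMPLE_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n")
SAMPLE_200 = b"HTTP/1.1 200 Connection established\r\n\r\n"
SAMPLE_403 = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_407, SAMPLE_200, SAMPLE_403):
        print(classify_connect_reply(sample))
```

If `probe()` against the proxy returns `auth-enforced` and HTTPS sites still load in the browser, the traffic is not passing through the proxy; `tunnel-open-without-auth` points at the proxy's own access rules instead.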
