Debian Squid 3.5.8 ssl_bump with LDAP authorization how?
Good afternoon!
Squid 3.5.8 is configured with Active Directory authorization and helpers, everything works fine here.
Over the weekend, I decided to try it based on this article:
habrahabr.ru/post/272733
since the issue of SSL inspection has been outstanding for a long time.
Everything worked out according to the article, many thanks to its author. But ssl_bump works only in transparent mode; I could not make it work with authorization. Can someone tell me where to dig? Transparent mode does not suit us, since there are a number of terminal access servers (that is, even creating rules by IP will not work).
It is necessary that authorization based on Active Directory groups is transparent to the user (using http, the user does not even understand that all his actions on the proxy are visible).
Forgot to add: browsers are configured using wpad.dat or a statically specified proxy server!
Maybe someone tried to run this configuration?
I searched, yes, it’s really possible, this has long been possible when dynamic certificate generation was still used. That is, SSL inspection by means of certificate substitution.
I'll try and post what happens!
Yes, Squid requires the intercept parameter in the https_port directive. I haven't checked, but judging by the documentation on the site, you can move ssl_bump to http_port by specifying the necessary parameters in it.
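What the last answer describes, written out as a squid.conf fragment for Squid 3.5: SSL-Bump enabled on the explicit-proxy http_port together with a proxy_auth ACL. This is an added example, not configuration from the thread or the linked article; the file paths, the ACL names and the CA file are assumptions, and it needs a Squid build with OpenSSL and ssl_crtd support.

```conf
# Added example. Paths and ACL names below are assumptions, adjust to the local install.

# Explicit (forward) proxy port used by wpad.dat / static browser settings.
# No "intercept" flag: clients send CONNECT to this port, and ssl-bump lets
# Squid decrypt the tunnel using certificates signed by the local CA.
http_port 3128 ssl-bump cert=/etc/squid/ssl/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that generates the per-host certificates on demand.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

# The auth_param and external_acl_type lines that already work for
# Active Directory stay as they are; only an ACL that triggers them is shown.
acl ad_users proxy_auth REQUIRED

# Authenticate first. In explicit mode this check runs on the CONNECT request,
# before any TLS handshake is bumped.
http_access deny !ad_users
http_access allow ad_users
http_access deny all

# Squid 3.5 peek-and-splice: read the TLS ClientHello (SNI) at step 1,
# then bump everything. Sites that must not be decrypted (for example
# certificate-pinned services) would get an "ssl_bump splice <acl>" line
# placed before the final bump rule.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
```

Because the browser sends its proxy credentials with the CONNECT request, authentication completes before decryption starts and the same username is attached to the decrypted requests in access.log. Client machines must trust the CA certificate referenced in `cert=`, otherwise every HTTPS site shows a certificate warning.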