2025-12-04

Author: squidadm

squid-users/2025-December.txt

@@ -114,3 +114,20 @@ HTH
 
 /tony
 
+From stu.lists at spacehopper.org  Thu Dec  4 12:11:25 2025
+From: stu.lists at spacehopper.org (Stuart Henderson)
+Date: Thu, 4 Dec 2025 12:11:25 -0000 (UTC)
+Subject: [squid-users] MFA with squid, is it possible?
+References: <CABA8h=R2_LzKNDmqiJjixPOrqNu7eHPWa1P5zuExFR8U_k_iTQ@mail.gmail.com>
+Message-ID: <slrn10j2ujd.n4i.stu.lists@naiad.spacehopper.org>
+
+On 2025-12-03, NgTech LTD <ngtech1ltd at gmail.com> wrote:
+> The issue with a proxy connection is that the client-to-service connection
+> is in plain text.
+
+It doesn't have to be. Squid can listen on https for client-to-proxy
+connections and some (but not all) clients can use that if you specify
+https://proxy.example.org:portnum/ as the proxy address.
+
+
+

squid-users/2025-December/027716.html

@@ -13,7 +13,7 @@
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <LINK REL="Previous"  HREF="027715.html">
-   
+   <LINK REL="Next"  HREF="027717.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
    <H1>[squid-users] MFA with squid, is it possible?</H1>
@@ -25,7 +25,8 @@ <H1>[squid-users] MFA with squid, is it possible?</H1>
     <P><UL>
         <LI>Previous message (by thread): <A HREF="027715.html">[squid-users] MFA with squid, is it possible?
 </A></li>
-        
+        <LI>Next message (by thread): <A HREF="027717.html">[squid-users] MFA with squid, is it possible?
+</A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#27716">[ date ]</a>
               <a href="thread.html#27716">[ thread ]</a>
@@ -76,13 +77,15 @@ <H1>[squid-users] MFA with squid, is it possible?</H1>
 /tony
 </PRE>
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
 	<LI>Previous message (by thread): <A HREF="027715.html">[squid-users] MFA with squid, is it possible?
 </A></li>
-	
+	<LI>Next message (by thread): <A HREF="027717.html">[squid-users] MFA with squid, is it possible?
+</A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#27716">[ date ]</a>
               <a href="thread.html#27716">[ thread ]</a>

squid-users/2025-December/027717.html

@@ -0,0 +1,67 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [squid-users] MFA with squid, is it possible?
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:squid-users%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-users%5D%20MFA%20with%20squid%2C%20is%20it%20possible%3F&In-Reply-To=%3Cslrn10j2ujd.n4i.stu.lists%40naiad.spacehopper.org%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <style type="text/css">
+       pre {
+           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
+           }
+   </style>
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="027716.html">
+   
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[squid-users] MFA with squid, is it possible?</H1>
+    <B>Stuart Henderson</B> 
+    <A HREF="mailto:squid-users%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-users%5D%20MFA%20with%20squid%2C%20is%20it%20possible%3F&In-Reply-To=%3Cslrn10j2ujd.n4i.stu.lists%40naiad.spacehopper.org%3E"
+       TITLE="[squid-users] MFA with squid, is it possible?">stu.lists at spacehopper.org
+       </A><BR>
+    <I>Thu Dec  4 12:11:25 UTC 2025</I>
+    <P><UL>
+        <LI>Previous message (by thread): <A HREF="027716.html">[squid-users] MFA with squid, is it possible?
+</A></li>
+        
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#27717">[ date ]</a>
+              <a href="thread.html#27717">[ thread ]</a>
+              <a href="subject.html#27717">[ subject ]</a>
+              <a href="author.html#27717">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On 2025-12-03, NgTech LTD &lt;<A HREF="https://lists.squid-cache.org/listinfo/squid-users">ngtech1ltd at gmail.com</A>&gt; wrote:
+&gt;<i> The issue with a proxy connection is that the client-to-service connection
+</I>&gt;<i> is in plain text.
+</I>
+It doesn't have to be. Squid can listen on https for client-to-proxy
+connections and some (but not all) clients can use that if you specify
+<A HREF="https://proxy.example.org:portnum/">https://proxy.example.org:portnum/</A> as the proxy address.
+
+
+</PRE>
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message (by thread): <A HREF="027716.html">[squid-users] MFA with squid, is it possible?
+</A></li>
+	
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#27717">[ date ]</a>
+              <a href="thread.html#27717">[ thread ]</a>
+              <a href="subject.html#27717">[ subject ]</a>
+              <a href="author.html#27717">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://lists.squid-cache.org/listinfo/squid-users">More information about the squid-users
+mailing list</a><br>
+</body></html>

squid-users/2025-December/author.html

@@ -19,15 +19,20 @@ <h1>December 2025 Archives by author</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Wed Dec  3 03:32:07 UTC 2025</i><br>
-         <b>Ending:</b> <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-         <b>Messages:</b> 3<p>
+         <b>Ending:</b> <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+         <b>Messages:</b> 4<p>
      <ul>
 
 <LI><A HREF="027716.html">[squid-users] MFA with squid, is it possible?
 </A><A NAME="27716">&nbsp;</A>
 <I>Tony Albers
 </I>
 
+<LI><A HREF="027717.html">[squid-users] MFA with squid, is it possible?
+</A><A NAME="27717">&nbsp;</A>
+<I>Stuart Henderson
+</I>
+
 <LI><A HREF="027714.html">[squid-users] CVE-2025-62168
 </A><A NAME="27714">&nbsp;</A>
 <I>Amos Jeffries
@@ -41,8 +46,8 @@ <h1>December 2025 Archives by author</h1>
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-    <b>Archived on:</b> <i>Wed Dec  3 16:55:24 UTC 2025</i>
+       <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+    <b>Archived on:</b> <i>Thu Dec  4 12:11:36 UTC 2025</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>

squid-users/2025-December/date.html

@@ -19,8 +19,8 @@ <h1>December 2025 Archives by date</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Wed Dec  3 03:32:07 UTC 2025</i><br>
-         <b>Ending:</b> <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-         <b>Messages:</b> 3<p>
+         <b>Ending:</b> <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+         <b>Messages:</b> 4<p>
      <ul>
 
 <LI><A HREF="027714.html">[squid-users] CVE-2025-62168
@@ -36,13 +36,18 @@ <h1>December 2025 Archives by date</h1>
 <LI><A HREF="027716.html">[squid-users] MFA with squid, is it possible?
 </A><A NAME="27716">&nbsp;</A>
 <I>Tony Albers
+</I>
+
+<LI><A HREF="027717.html">[squid-users] MFA with squid, is it possible?
+</A><A NAME="27717">&nbsp;</A>
+<I>Stuart Henderson
 </I>
 
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-    <b>Archived on:</b> <i>Wed Dec  3 16:55:24 UTC 2025</i>
+       <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+    <b>Archived on:</b> <i>Thu Dec  4 12:11:36 UTC 2025</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>

squid-users/2025-December/subject.html

@@ -19,8 +19,8 @@ <h1>December 2025 Archives by subject</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Wed Dec  3 03:32:07 UTC 2025</i><br>
-         <b>Ending:</b> <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-         <b>Messages:</b> 3<p>
+         <b>Ending:</b> <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+         <b>Messages:</b> 4<p>
      <ul>
 
 <LI><A HREF="027714.html">[squid-users] CVE-2025-62168
@@ -36,13 +36,18 @@ <h1>December 2025 Archives by subject</h1>
 <LI><A HREF="027716.html">[squid-users] MFA with squid, is it possible?
 </A><A NAME="27716">&nbsp;</A>
 <I>Tony Albers
+</I>
+
+<LI><A HREF="027717.html">[squid-users] MFA with squid, is it possible?
+</A><A NAME="27717">&nbsp;</A>
+<I>Stuart Henderson
 </I>
 
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-    <b>Archived on:</b> <i>Wed Dec  3 16:55:24 UTC 2025</i>
+       <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+    <b>Archived on:</b> <i>Thu Dec  4 12:11:36 UTC 2025</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>

squid-users/2025-December/thread.html

@@ -19,8 +19,8 @@ <h1>December 2025 Archives by thread</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Wed Dec  3 03:32:07 UTC 2025</i><br>
-         <b>Ending:</b> <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-         <b>Messages:</b> 3<p>
+         <b>Ending:</b> <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+         <b>Messages:</b> 4<p>
      <ul>
 
 <!--0 01764732727.27714- -->
@@ -42,12 +42,18 @@ <h1>December 2025 Archives by thread</h1>
 <I>Tony Albers
 </I>
 
+<!--1 01764768706.27715-01764850285.27717- -->
+<LI><A HREF="027717.html">[squid-users] MFA with squid, is it possible?
+</A><A NAME="27717">&nbsp;</A>
+<I>Stuart Henderson
+</I>
+
 </UL>
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Wed Dec  3 16:55:10 UTC 2025</i><br>
-    <b>Archived on:</b> <i>Wed Dec  3 16:55:24 UTC 2025</i>
+       <i>Thu Dec  4 12:11:25 UTC 2025</i><br>
+    <b>Archived on:</b> <i>Thu Dec  4 12:11:36 UTC 2025</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>

squid-users/attachments/20251203/6890db3f/attachment-0001.htm

@@ -0,0 +1,4 @@
+<tt>
+&lt;div&nbsp;dir=&quot;ltr&quot;&gt;&lt;div&gt;I&nbsp;was&nbsp;wondering&nbsp;if&nbsp;it&#39;s&nbsp;possible&nbsp;to&nbsp;use&nbsp;2fa&nbsp;with&nbsp;squid?&lt;br&gt;If&nbsp;so,&nbsp;how?&lt;br&gt;&lt;/div&gt;&lt;div&gt;The&nbsp;authentication of&nbsp;squid&nbsp;is&nbsp;based&nbsp;on&nbsp;a&nbsp;couple&nbsp;methods,&nbsp;but,&nbsp;by&nbsp;what&nbsp;I&nbsp;can&nbsp;identify&nbsp;the&nbsp;2fa?&nbsp;Is&nbsp;there&nbsp;any&nbsp;option&nbsp;to&nbsp;use&nbsp;some&nbsp;kind&nbsp;of&nbsp;token&nbsp;which&nbsp;can&nbsp;be&nbsp;acquired via&nbsp;some&nbsp;external&nbsp;authentication&nbsp;service?&lt;br&gt;I&nbsp;am&nbsp;unsure&nbsp;if&nbsp;it&#39;s&nbsp;doable&nbsp;or&nbsp;not.&lt;br&gt;I&nbsp;have&nbsp;seen&nbsp;a&nbsp;couple&nbsp;VPN&nbsp;services&nbsp;which&nbsp;offer&nbsp;2fa,&nbsp;but&nbsp;all&nbsp;of&nbsp;these&nbsp;have&nbsp;connection&nbsp;based&nbsp;authentication.&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;The&nbsp;only&nbsp;service&nbsp;I&nbsp;have&nbsp;seen&nbsp;which&nbsp;has&nbsp;a&nbsp;nice&nbsp;concept&nbsp;of&nbsp;2fa&nbsp;is&nbsp;Defguard.&lt;/div&gt;&lt;div&gt;It&nbsp;uses&nbsp;Wireguard combined&nbsp;with&nbsp;psk.&lt;/div&gt;&lt;div&gt;The&nbsp;flow&nbsp;is&nbsp;that&nbsp;the&nbsp;app&nbsp;contacts&nbsp;a&nbsp;management service&nbsp;and&nbsp;the&nbsp;2fa&nbsp;authentication&nbsp;is&nbsp;done&nbsp;against&nbsp;this&nbsp;service.&lt;br&gt;Then&nbsp;this&nbsp;service&nbsp;generates&nbsp;the&nbsp;WG&nbsp;config&nbsp;PSK&nbsp;and&nbsp;pushes&nbsp;it&nbsp;to&nbsp;the&nbsp;WG&nbsp;service.&lt;br&gt;The&nbsp;app&nbsp;then&nbsp;connects&nbsp;with&nbsp;a&nbsp;combination&nbsp;of&nbsp;KEY+PSK.&lt;/div&gt;&lt;div&gt;The&nbsp;detection&nbsp;of&nbsp;connection&nbsp;invalidation&nbsp;(&quot;disconnection&quot;)&nbsp;is&nbsp;when&nbsp;there&nbsp;is&nbsp;no&nbsp;activity&nbsp;after&nbsp;3&nbsp;minutes&nbsp;on&nbsp;the&nbsp;WG&nbsp;peer(or&nbsp;by&nbsp;disconnection&nbsp;in&nbsp;the&nbsp;app).&lt;br&gt;Then&nbsp;the&nbsp;PSK&nbsp;is&nbsp;automatically&nbsp;being&nbsp;revoked/changed&nbsp;in&nbsp;the&nbsp;peer&nbsp;config&nbsp;which&nbsp;blocks&nbsp;it&#39;&nbsp;usage.&lt;/div&gt;&lt;div&gt;It&#39;s&nbsp;not&nbsp;a&nbsp;perfect&nbsp;solution&nbsp;but&nbsp;it&#39;s&nbsp;a&nbsp;nice&nbsp;enough&nbsp;implementation.&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;The&nbsp;issue&nbsp;with&nbsp;a&nbsp;proxy&nbsp;connection&nbsp;is&nbsp;that&nbsp;the&nbsp;client-to-service&nbsp;connection&nbsp;is&nbsp;in&nbsp;plain&nbsp;text.&lt;br&gt;So&nbsp;my&nbsp;assumption&nbsp;is&nbsp;that&nbsp;if&nbsp;we&nbsp;can&nbsp;secure&nbsp;the&nbsp;client-to-proxy&nbsp;and&nbsp;the&nbsp;generated&nbsp;config&nbsp;delivery&nbsp;to&nbsp;the&nbsp;client&nbsp;we&nbsp;can&nbsp;kind&nbsp;of&nbsp;consider&nbsp;it&nbsp;&quot;secure&nbsp;enough&quot;.&lt;br&gt;&lt;br&gt;I&nbsp;am&nbsp;wondering&nbsp;to&nbsp;myself&nbsp;about&nbsp;the&nbsp;available&nbsp;options&nbsp;in&nbsp;the&nbsp;proxy&nbsp;market.&lt;br&gt;&lt;br&gt;Thanks,&lt;br&gt;Eliezer&lt;/div&gt;&lt;div&gt;&lt;div&nbsp;dir=&quot;rtl&quot;&nbsp;class=&quot;gmail_signature&quot;&nbsp;data-smartmail=&quot;gmail_signature&quot;&gt;&lt;div&nbsp;dir=&quot;ltr&quot;&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;<br>
+
+</tt>

squid-users/index.html

@@ -25,7 +25,7 @@ <h1>The squid-users Archives </h1>
               <A href="2025-December/author.html">[ Author ]</a>
               <A href="2025-December/date.html">[ Date ]</a>
             </td>
-            <td><A href="2025-December.txt">[ Text 4 KB ]</a></td>
+            <td><A href="2025-December.txt.gz">[ Gzip'd Text 1 KB ]</a></td>
             </tr>