[squid-users] Client-Side Certificates at the Directory Level?

From: <techguy005-ml@dont-contact.us>
Date: Mon, 10 Sep 2007 10:13:15 -0700 (PDT)

I have 2 applications that resides on the same Web
Site and shares the same URL prefix (i.e.
www.whatever.com), but lives within different virtual
directories. Each of those applications has different
security requirements: One REQUIRES a client-side
certificate and the other one doesn't.

Below are example URLs of what the client would enter:

DOESN'T require a Client-Side certificate:
https://www.whatever.com/NoClientCertRequred/

DOES require a Client-Side certificate:
https://www.whatever.com/ClientCertRequred/

In a Squid reverse proxy configurations, in order to
use client certificates, the respective CA signer of
the client-side certificates must be installed on the
Squid server (not the web server) level so the
end-user get challenged to present a client-side
certificate by Squid instead of by the web server.
Correct?

The question I have is this:

Can Squid be configured to define client-side
certificate requirements at the DIRECTORY level (like
the aforementioned "/ClientCertRequred/") or does the
requirements have to be set based on the web site as a
whole (i.e. "www.whatever.com")? If this is possible,
any example squid.conf configurations of this set-up
would be great.

Any insight you can offer would be greatly
appreciated! Thanks.
Received on Mon Sep 10 2007 - 11:13:22 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT