Page 1 of 1
Filter incoming client with certificate
Posted: 29 Mar 2016 14:44
by cache123
Hello,
I would like to restrict access to my servers sitting behing cacheguard.
I'm thinking of using certificates on my clients.
Is CacheGuard able to check for certificates on the clients to allow/reject them ?
Otherwise how could I better restrict client acccess ?
Thank you
Re: Filter incoming client with certificate
Posted: 29 Mar 2016 14:56
by david
Hello
Could you please be more specific when you use the term "access"? Do you need an administrative access to your servers? Or a Web access... Windows or Linux servers?
Best Regards,
Re: Filter incoming client with certificate
Posted: 29 Mar 2016 19:40
by cache123
Hi David,
Thanks for your reply.
Access is only user access to web services. No admin access.
Linux servers (apache/httpd).
I would like Cachaguard to check the presence of a certificate on the web client machine and alllow access to cloacked servers. It has to be combined with authentication user/pw.
Regards
Re: Filter incoming client with certificate
Posted: 29 Mar 2016 22:03
by david
Hi
In short, no, the current version (1.1.5) does not support HTTPS client authentication.
However if you need both types of service (with and without HTTPS client authentication) nothing stops you from implementing HTTPS clients authentication directly on your cloaked Web servers. In this case CG acts as a network firewall only towards your HTTPS client authenticated service (let's say on 444 port) and a Web gateway (WAF, firewall, reverse proxy, SSL terminator...) towards your NON HTTPS client authenticated service (on the standard 443 port).
Please keep in mind that CG is cabled to be placed in front of Web servers widely accessible on the Internet. That's why we didn't integrate HTTPS client authentication (but is shouldn't be a big deal to integrate it if many people ask for it).
Best Regards,