Direct access to (Lusca) port 3128 allows guests to bypass my Captive Portal.
-
As my thread title says. I've been having this problem for a day or so. I'm planning to deploy my setup using a WiFi AP. I'm using a VMware setup, 1 physical NIC and a virtual NIC. I have made a guest OS in a VM to test if my caching proxy server setup is working (Transparent Mode & DNS Forwarder are enabled). Well, it's working as it should, but I'm really worried about my guests bypassing my CP. I know for a fact that you can change the browser proxy settings in a few clicks, and I do also consider that maybe someone knowledgeable would do such a thing. Then surely it'll spoil my deployment. Anyone? Ideas?
PS: I'm not that new to networking but I do know that I must ask someone that knows enough in this field to figure something out. And try to enlighten me. Thanks!
-
Known issue. Block direct access to port 3128 on your LAN.
-
Finally! It makes sense to me now. Thanks!
-
But when I block access to port 3128, does this mean that I will not be using Squid as a cache for my network?
-
> But when I block access to port 3128, does this mean that I will not be using Squid as a cache for my network?
Only if every client computer is configured to use the squidhost:3128 config in their browser, then this won't work. If you are using squid in transparent mode it doesn't make any difference, unless you're also running a captive portal as per the original post.
-
So blocking direct access to 3128 from LAN on a Squid (transparent) + CP system solves the issue, right?
-
Hey Des,
You are right. I'm using it right now. I don't feel too secure with my proxy port (3128) being available to the public (I'm on a WiFi deployment). So I want to block direct connections to it so that the DNS Forwarder service will kick in and land them right on my Captive Portal auth page.
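
To confirm the block rule discussed in this thread is in place, the proxy port can be probed from a guest client before authenticating at the portal. The following is an added example, not code from any poster in the thread; the function names, the verdict strings and the loopback stub (a constructed stand-in for an exposed proxy) are assumptions made for illustration.

```python
import socket
import threading

PROXY_PORT = 3128  # port named in the thread

def probe_proxy(host, port=PROXY_PORT, timeout=3.0):
    """Classify the proxy port as seen from a guest client.

    "refused"/"filtered": the block rule is doing its job.
    "open-silent": port reachable but nothing answered as HTTP.
    "open-proxy": port answers HTTP directly, so it is still exposed.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # firewall rejects, or nothing is listening
    except OSError:
        return "filtered"     # dropped: timeout or unreachable
    with sock:
        sock.settimeout(timeout)
        try:
            # Absolute-URI request, the form a browser sends to a configured proxy.
            sock.sendall(b"GET http://example.com/ HTTP/1.0\r\nHost: example.com\r\n\r\n")
            reply = sock.recv(64)
        except OSError:
            return "open-silent"
    return "open-proxy" if reply.startswith(b"HTTP/") else "open-silent"

def stub_proxy():
    """Constructed stand-in for an exposed proxy on a loopback port (demo only)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Replace the stub with the gateway's LAN address when run from a guest client.
    print(probe_proxy("127.0.0.1", stub_proxy()))
```

A verdict of "refused" or "filtered" against the gateway's LAN address means direct access is blocked; transparent interception of ordinary web traffic is a separate path and is not exercised by this probe.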