Squid (Captive Portal Authentication) + Captive Portal -> https "Access Denied"
-
Hello!
This is my first time playing with pfsense (2.3.2), trying to evaluate it for a semi open wireless network.
I've setup Squid, SquidGuard and Captive Portal. In the end multiple users should be able to login (over a wireless network) at the Captive portal with their username/password and their traffic being logged with squid.
Reason for this is that I would like to block specific content via Squidguard (e.g. porn, warez) and be able to track down legal violations to a specific user.The current problem I have is that when I set "Authentication Method" to "Captive Portal" in the settings for Squid Proxy Server all HTTP request will result in:
"ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: http://somedomain?
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is admin@localhost."
HTTPS request still pass through as normal.
If I set Authentication to None under Squid, everything works fine.Does anyone have an idea where the problem could be located. or if i could reach my goal on a different way?
Thank you very much!
neoMy setup:
System -> Package Manager -> Available Packages
installed squid and squidGuardServices -> Squid Proxy Server -> Local Cache
increased "Hard Disk Cache Size" to 1000Services -> Squid Proxy Server -> General
enabled "Enable Squid Proxy"
set interface to "LAN"
enabled "Transparent HTTP Proxy"
enables "Enable Access Logging"Services -> Squid Proxy Server -> Authentication
set "Authentication Method" to Captive PortalServices -> Captive Portal
add zone for your LAN network
enable "Enable"
set Interface to "LAN"
set "Authentication method" to "Local User Manager / Vouchers"System -> User Manager -> Users
Add a user
add "User - Services: Captive Portal login" to "Effective Privileges"
(or disable this required privilege under Services -> Captive Portal)Services -> SquidGuard Proxy Filter -> General Settings
enabled "Enable"
enabled "Enable GUI log"
enabled "Enable log"
enabled "Blacklist"Services -> SquidGuard Proxy Filter -> Blacklist
added "http://www.shallalist.de/Downloads/shallalist.tar.gz"Services -> SquidGuard Proxy Filter -> Common ACL
Set default to allow under "Target Rules" (default if block all)
enabled "Log" -
Switching to non transparent proxy results in the same problem.
-
Have you or anyone else found a solution to this? I am stuck with the same problem!