Squid (Captive Portal Authentication) + Captive Portal -> https "Access Denied"



  • Hello!

    This is my first time playing with pfSense (2.3.2), trying to evaluate it for a semi-open wireless network.

    I've set up Squid, SquidGuard and Captive Portal. In the end, multiple users should be able to log in (over a wireless network) at the Captive Portal with their username/password, with their traffic being logged by Squid.
    The reason for this is that I would like to block specific content via SquidGuard (e.g. porn, warez) and be able to track down legal violations to a specific user.

    The current problem I have is that when I set "Authentication Method" to "Captive Portal" in the settings for Squid Proxy Server, all HTTP requests will result in:

    "ERROR

    The requested URL could not be retrieved

    The following error was encountered while trying to retrieve the URL: http://somedomain?

    Access Denied.

    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

    Your cache administrator is admin@localhost."

    HTTPS requests still pass through as normal.
    If I set Authentication to None under Squid, everything works fine.

    Does anyone have an idea where the problem could be located, or if I could reach my goal in a different way?

    Thank you very much!
    neo

    My setup:

    System -> Package Manager -> Available Packages
    installed squid and squidGuard

    Services -> Squid Proxy Server -> Local Cache
    increased "Hard Disk Cache Size" to 1000

    Services -> Squid Proxy Server -> General
    enabled "Enable Squid Proxy"
    set interface to "LAN"
    enabled "Transparent HTTP Proxy"
    enabled "Enable Access Logging"

    Services -> Squid Proxy Server -> Authentication
    set "Authentication Method" to Captive Portal

    Services -> Captive Portal
    add zone for your LAN network
    enable "Enable"
    set Interface to "LAN"
    set "Authentication method" to "Local User Manager / Vouchers"

    System -> User Manager -> Users
    Add a user
    add "User - Services: Captive Portal login" to "Effective Privileges"
    (or disable this required privilege under Services -> Captive Portal)

    Services -> SquidGuard Proxy Filter -> General Settings
    enabled "Enable"
    enabled "Enable GUI log"
    enabled "Enable log"
    enabled "Blacklist"

    Services -> SquidGuard Proxy Filter -> Blacklist
    added "http://www.shallalist.de/Downloads/shallalist.tar.gz"

    Services -> SquidGuard Proxy Filter -> Common ACL
    Set default to allow under "Target Rules" (default is block all)
    enabled "Log"



  • Switching to non-transparent proxy results in the same problem.



  • Have you or anyone else found a solution to this? I am stuck with the same problem!

