Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid (Captive Portal Authentication) + Captive Portal -> https "Access Denied"

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      NeoFromMatrix
      last edited by

      Hello!

      This is my first time playing with pfsense (2.3.2), trying to evaluate it for a semi open wireless network.

      I've setup Squid, SquidGuard and Captive Portal. In the end multiple users should be able to login (over a wireless network) at the Captive portal with their username/password and their traffic being logged with squid.
      Reason for this is that I would like to block specific content via Squidguard (e.g. porn, warez) and be able to track down legal violations to a specific user.

      The current problem I have is that when I set "Authentication Method" to "Captive Portal" in the settings for Squid Proxy Server all HTTP request will result in:

      "ERROR

      The requested URL could not be retrieved

      The following error was encountered while trying to retrieve the URL: http://somedomain?

      Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

      Your cache administrator is admin@localhost."

      HTTPS request still pass through as normal.
      If I set Authentication to None under Squid, everything works fine.

      Does anyone have an idea where the problem could be located. or if i could reach my goal on a different way?

      Thank you very much!
      neo

      My setup:

      System -> Package Manager -> Available Packages
      installed squid and squidGuard

      Services -> Squid Proxy Server -> Local Cache
      increased "Hard Disk Cache Size" to 1000

      Services -> Squid Proxy Server -> General
      enabled "Enable Squid Proxy"
      set interface to "LAN"
      enabled "Transparent HTTP Proxy"
      enables "Enable Access Logging"

      Services -> Squid Proxy Server -> Authentication
      set "Authentication Method" to Captive Portal

      Services -> Captive Portal
      add zone for your LAN network
      enable "Enable"
      set Interface to "LAN"
      set "Authentication method" to "Local User Manager / Vouchers"

      System -> User Manager -> Users
      Add a user
      add "User - Services: Captive Portal login" to "Effective Privileges"
      (or disable this required privilege under Services -> Captive Portal)

      Services -> SquidGuard Proxy Filter -> General Settings
      enabled "Enable"
      enabled "Enable GUI log"
      enabled "Enable log"
      enabled "Blacklist"

      Services -> SquidGuard Proxy Filter -> Blacklist
      added "http://www.shallalist.de/Downloads/shallalist.tar.gz"

      Services -> SquidGuard Proxy Filter -> Common ACL
      Set default to allow under "Target Rules" (default if block all)
      enabled "Log"

      1 Reply Last reply Reply Quote 0
      • N Offline
        NeoFromMatrix
        last edited by

        Switching to non transparent proxy results in the same problem.

        1 Reply Last reply Reply Quote 0
        • S Offline
          samgurung
          last edited by

          Have you or anyone else found a solution to this? I am stuck with the same problem!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.