Use Captive Portal as "Splash Screen", but only for non-proxy users?



  • Hello,
    I am wondering if it is feasible to have a Captive Portal to activate only for users not using my squid proxy?

    My reason is fairly straightforward: I want to use SSL Bump in non-transparent mode, and without a wpad file for the purpose of providing helpful instructions on how to install my SSL Cert. Authority, and manually enabling the proxy. Although I could setup a wpad file and host, that wouldn't get my CA file installed. It wouldn't hurt to be able to explain why I'm using the proxy (malware & phishing protection via SquidGuard, etc.) and detailed instructions for configuring specific browsers.

    Alas, that's not all, I'd need to exclude certain ip addresses or mac addresses from this requirement (for my Xbox and Apple TV, which don't allow proxies at all, as well as the PS3, my PS Vita and my brother's Chromecast, which don't allow installing SSL certificates, etc.). I might also need to allow access to certain web domains without triggering the CP, for devices that require activation before use (Windows 10 tablets & computers, Apple iOS Devices, etc).

    If this is too involved or difficult, then maybe I'll never mind it. I'd still like to try.



  • What I did is to configure CP to "no authentication" and load the "Splash Screen" with no post button.

    That way the clients that does not know about the proxy when they tried to access the Internet directly will receive the "Splash Screen" blocking their access.

    If you want to allow some machines you do it by adding their MAC address to CP, or if allow to some sites add them to the "Allow Hostnames"