Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid + Captive Portal Auth

    Cache/Proxy
    3
    4
    846
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      correajl
      last edited by

      Posted by: pfsensation
      « on: February 26, 2017, 12:32:39 pm »

      Hey guys,

      Has anyone been able to successfully get Captive Portal + Squid proxy working correctly? I've seen many threads where people were complaining about Squid proxy being able to bypass their Captive Portal and old patches were made (and removed).

      I'm using Captive Portal to essentially limit bandwidth on a per uses basis, since I have WPAD setup I don't want people bypassing the captive portal by connecting directly to the proxy. Is it not possible to make the proxy work only for the people who have authenticated via captive portal or have their MAC address bypass set? I can see that there's a captive portal auth option but can't seem to get that working.

      Or if that somehow isn't possible, maybe we can put authenticated captive portal users on a separate DHCP pool which allows squid proxy? (time depends on their captive portal access / voucher)

      Thanks in advance :3

      Same doubt here. We found a lot of information about the bug, the patches and recommendations to remove them. The GUI still have the line telling about the bug (if the feature was removed, I don't understand this line telling about something that was a bug and was removed).

      Well, a network with captive portal and squid proxy accepts that clients access Internet without authenticate yourselves on CP.

      Here we have wpad because many browsers use this as default behavior (auto detect proxy configuration). On networks with CP enabled we have to send on wpad the "DIRECT" action elsewere clients bypass the authentication. In that way client access everything directly an the CP can filter. We have to enable transparent proxy on that network and not permit squid to listen on interface of pfSense, elsewere a client with manual configuration can bypass CP.

      I hope some day this proble could be solved. If I've understood it is necessary the creation of some firewall rules.

      1 Reply Last reply Reply Quote 0
      • P
        pfsensation
        last edited by

        Why have you decided to clone my post, and basically ask the same thing?

        Just post in my original thread, without spamming this board. I haven't found a solution to this until now. :(

        However one possible solution could be to block WPAD etc, until a client has authenticated. So some kind of NAT to redirect even clients that are setup with the proxy to the Captive Portal until they've been authenticated.

        1 Reply Last reply Reply Quote 0
        • C
          correajl
          last edited by

          I think I've tried the original post but the forum system refused the post.

          This thread can be deleted.

          Tks

          1 Reply Last reply Reply Quote 0
          • S
            samgurung
            last edited by

            Anybody found a solution to this? I am trying to get SQUID to work with CP authentication but cant! Help will be appreciated

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.