Proxy:ACL:blacklist function will be broken by enable "Allow users on interface"



  • Proxy server: General settings
    Enable "Allow users on interface" will cause the Access control: Blacklist not function.
    Which is wrong? squid.conf or pf rules?
    Because if "Allow users on interface" is enabled it will easily captiveportal dibypass by the client, if the proxy server option in the browser is directed to pfsense.



  • I have a similar problem on 2.0 (running 2.0-BETA3 Built On: Sun Jul 25 20:23:39 EDT 2010) with SQUID 2.7.9_1

    Please correct me if I'm wrong in my thinking of what this setting does. "Allow users on interface" automatically adds the IP range of the LAN adapter to the allowed ACL, and by switching this off it will check the 'allowed subnets' under 'access control'. This does not seem to be working as intended, and just blocks internet access. Am I missing something?

    This is my problem, and maybe there is another interim solution.
    I have a 2.0 proxy and had to set up a second proxy on running 1.2.3 with squidguard for filtering.
    People that should be allowed to use the 2.0 proxy are on 10.10.10.0, and people that should use the 1.2.3 one is on 10.10.11.0. The ACL would obviously be perfect, but is it possible to set up a firewall rule to block the proxy port on the 2.0 box for the 2nd network range? I have tried setting up a rule, but I must be doing something wrong…

    Thanks


Log in to reply