Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Proxy:ACL:blacklist function will be broken by enable "Allow users on interface"

    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    2
    1543
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      anto_DIGIT last edited by

      Proxy server: General settings
      Enable "Allow users on interface" will cause the Access control: Blacklist not function.
      Which is wrong? squid.conf or pf rules?
      Because if "Allow users on interface" is enabled it will easily captiveportal dibypass by the client, if the proxy server option in the browser is directed to pfsense.

      1 Reply Last reply Reply Quote 0
      • R
        r4iden last edited by

        I have a similar problem on 2.0 (running 2.0-BETA3 Built On: Sun Jul 25 20:23:39 EDT 2010) with SQUID 2.7.9_1

        Please correct me if I'm wrong in my thinking of what this setting does. "Allow users on interface" automatically adds the IP range of the LAN adapter to the allowed ACL, and by switching this off it will check the 'allowed subnets' under 'access control'. This does not seem to be working as intended, and just blocks internet access. Am I missing something?

        This is my problem, and maybe there is another interim solution.
        I have a 2.0 proxy and had to set up a second proxy on running 1.2.3 with squidguard for filtering.
        People that should be allowed to use the 2.0 proxy are on 10.10.10.0, and people that should use the 1.2.3 one is on 10.10.11.0. The ACL would obviously be perfect, but is it possible to set up a firewall rule to block the proxy port on the 2.0 box for the 2nd network range? I have tried setting up a rule, but I must be doing something wrong…

        Thanks

        1 Reply Last reply Reply Quote 0
        • First post
          Last post