Netgate Discussion Forum

Proxy:ACL:blacklist function will be broken by enabling "Allow users on interface"

2.0-RC Snapshot Feedback and Problems - RETIRED
2 Posts 2 Posters 1.6k Views
  • A
    anto_DIGIT
    last edited by Jun 29, 2010, 5:00 PM

    Proxy server: General settings
    Enabling "Allow users on interface" will cause the Access control: Blacklist to not function.
    Which is wrong? squid.conf or pf rules?
    Because if "Allow users on interface" is enabled, the captive portal will easily be bypassed by the client if the proxy server option in the browser is directed to pfSense.

    • R
      r4iden
      last edited by Sep 10, 2010, 12:39 PM

      I have a similar problem on 2.0 (running 2.0-BETA3 Built On: Sun Jul 25 20:23:39 EDT 2010) with SQUID 2.7.9_1

      Please correct me if I'm wrong in my thinking of what this setting does. "Allow users on interface" automatically adds the IP range of the LAN adapter to the allowed ACL, and by switching this off it will check the 'allowed subnets' under 'access control'. This does not seem to be working as intended, and just blocks internet access. Am I missing something?

      This is my problem, and maybe there is another interim solution.
      I have a 2.0 proxy and had to set up a second proxy running 1.2.3 with squidguard for filtering.
      People that should be allowed to use the 2.0 proxy are on 10.10.10.0, and people that should use the 1.2.3 one are on 10.10.11.0. The ACL would obviously be perfect, but is it possible to set up a firewall rule to block the proxy port on the 2.0 box for the 2nd network range? I have tried setting up a rule, but I must be doing something wrong…

      Thanks
