How to require everyone to use Squid proxy?
-
I want to require everyone to go through the proxy when browsing the web.
I CANNOT use transparent proxy because it does not work with Authentication.
So basically I want all the clients to have their browsers' proxy settings pointed to the squid server, or they will not be able to browse the web.
what's the best way to implement this?
-
I'd block outbound port 80 from your subnet, with an exception for the pfSense IP, then your users will be forced to use the proxy as they won't be able to get on teh intarwebs otherwise… or even better (and easier), why don't you just set the proxy port to be 80?
-
I'd block outbound port 80 from your subnet, with an exception for the pfSense IP, then your users will be forced to use the proxy as they won't be able to get on teh intarwebs otherwise… or even better (and easier), why don't you just set the proxy port to be 80?
hmm, sounds like a clever idea setting the proxy to port 80.
However, i will then need to change the webGUI port. I can use 443 (https) but that would mean https traffic will bypass Squid? Do I understand this correctly?
Anyway, thanks for the suggestions! Very helpful :)
-
squid is for http traffic only. what you want is captive portal
-
Setting the proxy port to tcp 80 would not solve your issue as the users would still need to have proxy settings in their machines. Keep the proxy on the default port, block access from your LAN clients outbound to TCP 80, TCP 443 and force them to put proxy settings in place to get out. This can be done more easily using a GPO if you're an AD site, or using WPAD. As was pointed out, this will only work for HTTP traffic.