Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to require everyone to use Squid proxy?

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stramato
      last edited by

      I want to require everyone to go through the proxy when browsing the web.

      I CANNOT use transparent proxy because it does not work with Authentication.

      So basically I want all the clients to have their browsers' proxy settings pointed to the squid server, or they will not be able to browse the web.

      what's the best way to implement this?

      1 Reply Last reply Reply Quote 0
      • P
        Pistolero
        last edited by

        I'd block outbound port 80 from your subnet, with an exception for the pfSense IP, then your users will be forced to use the proxy as they won't be able to get on teh intarwebs otherwise… or even better (and easier), why don't you just set the proxy port to be 80?

        1 Reply Last reply Reply Quote 0
        • S
          stramato
          last edited by

          @Pistolero:

          I'd block outbound port 80 from your subnet, with an exception for the pfSense IP, then your users will be forced to use the proxy as they won't be able to get on teh intarwebs otherwise… or even better (and easier), why don't you just set the proxy port to be 80?

          hmm, sounds like a clever idea setting the proxy to port 80.

          However, i will then need to change the webGUI port. I can use 443 (https) but that would mean https traffic will bypass Squid? Do I understand this correctly?

          Anyway, thanks for the suggestions! Very helpful :)

          1 Reply Last reply Reply Quote 0
          • X
            XIII
            last edited by

            squid is for http traffic only. what you want is captive portal

            -Chris Stutzman
            Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
            Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
            freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
            Check out the pfSense Wiki

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              Setting the proxy port to tcp 80 would not solve your issue as the users would still need to have proxy settings in their machines.  Keep the proxy on the default port, block access from your LAN clients outbound to TCP 80, TCP 443 and force them to put proxy settings in place to get out.  This can be done more easily using a GPO if you're an AD site, or using WPAD.  As was pointed out, this will only work for HTTP traffic.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.