Proxy.pac – Is there a better option for mobile devices?
On our network everyone is required to go through a proxy server for web access. In general I understand how to set up a proxy.pac file that sits on pfSense to hand out for mobile clients.
But the support for proxying is just plain awful in many devices. Some devices need to have proxy detection enabled by the owner, some devices require the owner to physically enter a URL to the proxy.pac, and some devuces simply don't work with proxies at all.
Is there another way to do this that is more automatic and invisible to users, so that they merely need to join our public passwordless wifi, and the proxy auto-config just works universally for all?
(I am aware you cannot use a transparent proxy for HTTPS, so using a simple transparent proxy through squid on pfSense is not the solution I'm looking for. Most websites use encryption by default now, including Google, so relying on just transparent HTTP won't cut it.)
You can check the forum for posts of user "marcelloc". He is working on a squid3 version which can do transparent ssl but as far as I know this is still in work and needs some donations.
In this case you could filter http and https without any proxy settings on the hosts but the hosts will get a certificate warning when they visit a https protected website.