Captive portal & squid transparent mode - bypassed



  • I have Captive portal and squid set to transparent mode on port 3128.

    I found that a user has made some tests (perhaps he knew pfSense), has manually set his browser to use the proxy on port 3128, and now connects to the Internet without authentication.
    Practically, by manually setting your browser to use the transparent proxy port, you can bypass the captive portal.

    Do I have to solve the problem using squidGuard as well, or what?

    Thanks



  • @ataru78:

    I have Captive portal and squid set to transparent mode on port 3128.

    I found that a user has made some tests (perhaps he knew pfSense), has manually set his browser to use the proxy on port 3128, and now connects to the Internet without authentication.
    Practically, by manually setting your browser to use the transparent proxy port, you can bypass the captive portal.

    Do I have to solve the problem using squidGuard as well, or what?

    Thanks

    Create a LAN firewall rule to block outbound traffic to port 80 that doesn't come from the pfSense box…

    TCP * * ! LAN net 80 (HTTP) * none

    That will block all internal but allow the proxy out...



  • Better create a rule that denies direct access to the proxy on TCP3128. So users have to take port 80, which will be caught by the portal.
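
An added example, not part of the thread and not pfSense or Squid code: a check to run from a LAN client that has not logged in to the portal, to confirm that a rule blocking direct access to TCP 3128 actually holds. The gateway address `192.168.1.1` and the test URL are placeholders, and the result names are this example's own.

```python
import socket
import sys
from urllib.parse import urlsplit


def check_proxy_port(host, port=3128, url="http://example.com/", timeout=3.0):
    """Send one explicit-proxy request to host:port and classify the outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "blocked"  # refused, filtered or unreachable: the rule holds
    # Absolute-URI request line, as a browser sends when a proxy is configured.
    request = (f"GET {url} HTTP/1.1\r\nHost: {urlsplit(url).netloc}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with sock:
        try:
            sock.sendall(request)
            status_line = sock.recv(1024).split(b"\r\n", 1)[0]
        except OSError:
            return "no-answer"  # port open, but nothing came back in time
    fields = status_line.split()
    if len(fields) < 2 or not fields[0].startswith(b"HTTP/") or not fields[1].isdigit():
        return "no-answer"  # something answered, but not with HTTP
    # Assumption: a 2xx/3xx status means the request was relayed without
    # authentication; 4xx/5xx means the proxy answered but refused it.
    return "proxying" if int(fields[1]) < 400 else "denied"


if __name__ == "__main__":
    gateway = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # placeholder
    result = check_proxy_port(gateway)
    print(f"{gateway}:3128 -> {result}")
    # Non-zero exit when the port still serves unauthenticated clients.
    sys.exit(0 if result in ("blocked", "denied") else 1)
```

A `proxying` result from an unauthenticated client means the portal is still being bypassed through the proxy port.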



  • In the general tab of the proxy server configuration, there is an option to "Patch the captive portal". Maybe this option could solve your problem.



  • Hi

    I would like to report that squid3 + captive portal = squid port bug (it still exists, even though the CP patch is enabled in squid's general config).

    Today (30/9/13) I tested the CP interface with squid support, all working well. Then I put the proxy IP directly into the properties of the browser; after that I can go directly to the Internet without any authentication by the CP. What's wrong?

    Approximate details:
    pfSense 2.1 + CP enabled
    Squid3



  • Try with squid3-dev. I've updated it this week.



  • Is squid3-dev the same as Lusca?



  • No. Lusca is based on squid2.
    Squid3-dev uses the latest 3.3.8 stable version.

