Netgate Discussion Forum

    Captive portal & squid transparent mode - bypassed

      ataru78

      I have Captive Portal and squid set to transparent mode on port 3128.

      I found that a user has done some tests (perhaps he knew pfSense): he manually set his browser to use the proxy on port 3128 and now connects to the Internet without authentication.
      Practically, by manually setting your browser to use the transparent proxy port, you can bypass the captive portal.

      Do I have to solve the problem using squidGuard as well, or what?

      Thanks

        rjcrowder

        @ataru78:

        I have Captive Portal and squid set to transparent mode on port 3128.

        I found that a user has done some tests (perhaps he knew pfSense): he manually set his browser to use the proxy on port 3128 and now connects to the Internet without authentication.
        Practically, by manually setting your browser to use the transparent proxy port, you can bypass the captive portal.

        Do I have to solve the problem using squidGuard as well, or what?

        Thanks

        Create a LAN firewall rule to block outbound traffic to port 80 that doesn't come from the pfSense box…

        TCP * * ! LAN net 80 (HTTP) * none

        That will block all internal but allow the proxy out...

          soylent

          Better create a rule that denies direct access to the proxy on TCP 3128. So users have to take port 80, which will be caught by the portal.

            saxonbeta

            In the general tab of the proxy server configuration, there is an option to "Patch the captive portal". Maybe this option could solve your problem.

              abiatiya

              Hi

              I would like to report that squid3 + captive portal = squid port bug (it still exists, even though I enabled the CP patch in squid's general config).

              Today (30/9/13) I tested the CP interface with squid support, all working well. Then I put the proxy IP directly into the browser's properties; after that I can go directly to the Internet without any authentication by CP. What's wrong?

              Approximate details:
              pfSense 2.1 + CP enabled
              Squid3

              pfSense 2.1 Release
              Lanner LEC-2126n 2Gb Ram, 8Gb SD-Card

                marcelloc

                Try with squid3-dev. I've updated it this week.

                Elite Training: http://sys-squad.com

                Help a community developer! ;D

                  onlineph

                  Is squid3-dev the same as Lusca?

                    marcelloc

                    No. Lusca is based on squid2.
                    Squid3-dev uses the latest 3.3.8 stable version.


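Added example, not part of any post in this thread: a way to check from the squid side whether the bypass described above is happening, by flagging proxy requests from clients that had no active captive-portal session at request time. It assumes squid's native access.log format and a hypothetical export of portal sessions as login/logout epoch pairs per client IP; all log lines and addresses are constructed.

```python
# Added example (not from the thread): flag squid requests from clients that
# had no active captive-portal session when the request was made.
from collections import defaultdict

# Constructed sample in squid's native access.log format:
# time elapsed client code/status bytes method URL ident peer type
SAMPLE_LOG = """\
1380531600.100    210 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1380531700.200    950 192.168.1.23 TCP_MISS/200 8841 CONNECT example.org:443 - HIER_DIRECT/192.0.2.20 -
1380531800.300    120 192.168.1.23 TCP_MISS/200 2048 GET http://example.net/index.html - HIER_DIRECT/192.0.2.30 text/html
1380536000.000     95 192.168.1.10 TCP_MISS/200 1024 GET http://example.com/late - HIER_DIRECT/192.0.2.10 text/html
truncated line
"""

# Assumption: portal sessions exported as {client_ip: [(login_epoch, logout_epoch), ...]}.
SAMPLE_SESSIONS = {"192.168.1.10": [(1380531000, 1380535000)]}


def parse_line(line):
    """Return (timestamp, client_ip, method, url), or None if malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        return float(fields[0]), fields[2], fields[5], fields[6]
    except ValueError:
        return None


def has_session(sessions, ip, ts):
    """True if ip had an authenticated portal session covering time ts."""
    return any(start <= ts <= end for start, end in sessions.get(ip, ()))


def find_bypass(log_text, sessions):
    """Map client_ip -> requests served while that client had no session."""
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or corrupt log lines
        ts, ip, method, url = rec
        if not has_session(sessions, ip, ts):
            suspects[ip].append((ts, method, url))
    return dict(suspects)


if __name__ == "__main__":
    for ip, reqs in find_bypass(SAMPLE_LOG, SAMPLE_SESSIONS).items():
        print(f"{ip}: {len(reqs)} request(s) without a portal session")
```

Once the proxy port is firewalled off from LAN clients as suggested in the replies, this report should come back empty; any remaining entries point at clients still reaching squid without a portal login.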
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.