Allowing mobile devices through proxy [Squid + AD Auth + WPAD]
-
Hi There,
Our pfsense serves the internet via Squid proxy + AD authentication while filtering HTTP/HTTPS access using Squidguard with WPAD enabled. So that users do not need to enter proxy manually as the WPAD functionality serves it. I've added two rules to block HTTP/HTTPS access on default ports to make sure users won't go to the internet without the automatic proxy.
Now the problem is that, it effects mobile internet users too. Because, when I block HTTP (80) & HTTPS (143) default services by a rule it blocks all over. PC's have the capability to select auto detect proxy so that WPAD will serve while PC browser requests. If so, is there any solution which I can allow mobile users too; while blocking the direct http/https ports?
-
transparent proxy?
-
iphone/ipad, you can use wpad but you have to enable it in the wifi setting for automatic… android, you have to manually set the proxy server in the dhcp/wifi setting... but i dont think https will work right...
-
Sorry for the long come back. Been busy with some works though.
transparent proxy?
Nope it is not transparent. Both HTTP/HTTPS are filtered & using WPAD for auto proxy.
iphone/ipad, you can use wpad but you have to enable it in the wifi setting for automatic… android, you have to manually set the proxy server in the dhcp/wifi setting... but i dont think https will work right...
This is a pain. May be I should use some sort of captive portal on a different subnet. But then again it break the whole point of having a proxy in place. :(