Re: [squid-users] Non-Transparent HTTP+HTTP Proxy

2019-09-16 Thread Matus UHLAR - fantomas

On 16.09.19 05:45, sknz wrote:

> [Updated] I'm trying to configure Squid 3.5.3 for access controller/captive
> portal last few days.
>
> #1 For this config, on client device:  *URL could not be retrieved - Invalid
> Url*
> http_port 3128
>
> #2 Squid log throws an Error - No forward port
> http_port 3128 intercept
>
> #3 On client device:  *URL could not be retrieved - Invalid Url*
> http_port 3128
> http_port 3127 intercept
>
> #4 On client device: Unable to forward this request
> http_port 3128 accel
>
> #5 Now this works!
> http_port 3128 accel allow-direct
>
> Under same settings in other things, I've changed Squid config # 1 to 5, can
> you guess what's happening here? What's so special about "allow-direct"
> here?  Why transparent proxy is not working? Why forward proxy is working
> only with "allow-direct"?


First, configure proxy with port 3128 without "accel", "intercept", "tproxy",
and "ssl-bump".

Port 3128 should not use first three, and using the fourth can make things
more complicated.

Then, configure your browser to use proxy at port 3128. This must work.

"accel" and further "allow-direct" should be used on reverse proxies, not
when you use proxy for connecting clients to the world. They need proper
configuration on squid. They must not be used on forward proxy ports.

"intercept" and further "tproxy" should be used on different port, both need
special configuration on the router/firewall.


Note that clients with explicit proxy should not connect to intercept port,
and clients without explicit proxy should not connect to the standard 3128
port without intercept and tproxy.

When using intercept, you should allow connections from proxy to the world
and not redirect them back to the proxy.

As I have already said, if you use solutions like coovachilli, they should
provide instructions on how to configure intercepting proxy.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
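
The http_port rules from the reply above, applied to the five attempts in the original post, as an added example that is not part of the thread or of Squid itself. It assumes Squid is serving clients going out to the world, as in the thread; the function names and finding codes are made up for this illustration.

```python
# Added example: checks http_port lines against the advice in the reply above.
INTERCEPTING = {"intercept", "tproxy"}    # need router/firewall redirection
REVERSE_ONLY = {"accel", "allow-direct"}  # reverse-proxy options

def parse_http_ports(conf_text):
    """Return [(port, options)] per http_port line; port is None if missing."""
    ports = []
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens or tokens[0] != "http_port":
            continue
        # Accept "3128" as well as "address:3128".
        port = tokens[1].rsplit(":", 1)[-1] if len(tokens) > 1 else None
        ports.append((port, set(tokens[2:])))
    return ports

def lint(conf_text):
    """Return a sorted list of (port, finding_code) for one configuration."""
    ports = parse_http_ports(conf_text)
    findings = set()
    # A forward port is one with none of accel/allow-direct/intercept/tproxy.
    forward = {p for p, o in ports if p and not o & (INTERCEPTING | REVERSE_ONLY)}
    if not forward:
        findings.add((None, "no-forward-port"))
    for port, opts in ports:
        if port is None:
            findings.add((None, "missing-port-number"))
            continue
        if opts & REVERSE_ONLY:
            findings.add((port, "reverse-proxy-option-on-client-port"))
        if opts & INTERCEPTING and port in forward:
            findings.add((port, "intercept-shares-forward-port"))
        if "ssl-bump" in opts:
            findings.add((port, "ssl-bump-adds-complexity"))
    return sorted(findings, key=lambda f: (f[0] or "", f[1]))

# The five attempts, copied from the post.
ATTEMPTS = {
    1: "http_port 3128",
    2: "http_port 3128 intercept",
    3: "http_port 3128\nhttp_port 3127 intercept",
    4: "http_port 3128 accel",
    5: "http_port 3128 accel allow-direct",
}

def report():
    return {n: lint(conf) for n, conf in ATTEMPTS.items()}

if __name__ == "__main__":
    for n, findings in report().items():
        print(f"#{n}:", findings or "ok")
```

Attempts #1 and #3 pass because these checks only see squid.conf; which clients reach which port, and whether the firewall sends Squid's own outbound connections back to it, are the router-side points from the reply.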


Re: [squid-users] Non-Transparent HTTP+HTTP Proxy

2019-09-16 Thread sknz
[Updated] I'm trying to configure Squid 3.5.3 for access controller/captive
portal last few days.

#1 For this config, on client device:  *URL could not be retrieved - Invalid
Url*
http_port 3128

#2 Squid log throws an Error - No forward port
http_port 3128 intercept

#3 On client device:  *URL could not be retrieved - Invalid Url*
http_port 3128
http_port 3127 intercept

#4 On client device: Unable to forward this request
http_port 3128 accel

#5 Now this works!
http_port 3128 accel allow-direct

Under same settings in other things, I've changed Squid config # 1 to 5, can
you guess what's happening here? What's so special about "allow-direct"
here?  Why transparent proxy is not working? Why forward proxy is working
only with "allow-direct"?



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


Re: [squid-users] Non-Transparent HTTP+HTTP Proxy

2019-09-16 Thread sknz
I'm trying to configure Squid 3.5.3 for access controller/captive portal last
few days.

#1 For this config, on client device:  *URL could not be retrieved - Invalid
Url*
http_port 

#2 Squid log throws an Error - No forward port
http_port 3128 intercept

#3 On client device:  *URL could not be retrieved - Invalid Url*
http_port 3128
http_port 3127 intercept

#4 On client device: Unable to forward this request
http_port 3128 accel

#5 Now this works!
http_port 3128 accel allow-direct


Under same settings in other things, I've changed Squid config # 1 to 5, can
you guess what's happening here? What's so special about "allow-direct"
here?  Why transparent proxy is not working? Why forward proxy is working
only with "allow-direct"?





Re: [squid-users] Non-Transparent HTTP+HTTP Proxy

2019-09-16 Thread Matus UHLAR - fantomas

On 16.09.19 03:27, sknz wrote:

> So my straight-forward goal is here,
>
> i. Non-transparent proxy ( transparent doesn't work with captive portal )

If you mean explicit proxy (client must explicitly configure it), not an
intercepting proxy (http connections are redirected to proxy, browser
doesn't know), then it's the default squid configuration.

You must explicitly allow connections from client IPs.

However, captive portals could work with transparent proxy too.
With http, no problem, with https, you need certificate.

But, mobile phones test connections when checking new wi-fi network, so they
can find out and report authorisation requirements on captive portals.

> ii. LOG HTTP and HTTPS traffic ( for HTTPS hostname will do )

This is on by default, unless you use distribution that turned it off.

> iii. Without issuing any certificate in client device

Standard behaviour.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)


Re: [squid-users] Non-Transparent HTTP+HTTP Proxy

2019-09-16 Thread sknz
So my straight-forward goal is here,

i. Non-transparent proxy ( transparent doesn't work with captive portal )
ii. LOG HTTP and HTTPS traffic ( for HTTPS hostname will do )
iii. Without issuing any certificate in client device

Is it possible with Squid 3.5?


