Re: [squid-users] Squid to get around Android proxy authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 02 May 2012 12:06:39 +1200

On 01.05.2012 18:12, Crawford, Ben wrote:
> Good Day,
>
> I am running squid 2.7 (although switching to squid 3 is likely to
> happen soon) on our local school internal proxy (Ubuntu) that is
> behind a larger network proxy (which I don't have control over).
>
> We have started allowing students to access our wireless network as
> the proliferation of smart phones, tablets and laptops has been
> steadily increasing.
>
> The problem is Android does not play nice with proxies that require
> authentication. I had an idea of a way around this that would still
> tie things to the individual logins. The solution I have been looking
> at is to either bind the http_port or MAC address (through arp) to a
> specific cache peer. Here is what I was thinking:

I recommend Squid-3.2 for your particular needs. It is still in beta
due to a few bugs, but stable enough for small uses. The EUI / ARP
handling has been extended quite a bit recently with EUI logging and
external_acl_type parameters for Captive Portal controls.

In my experience with Android devices and squid-3.2 they usually need
to be treated as any other software which does not support proxying
properly, via interception. The newer ones can support WPAD and PAC, but
the common ones still don't have proxy support anywhere.

NP: be aware that ARP-relay is needed for this to work on any network
where there are multiple device hops between the proxy and the user
devices. Otherwise you just end up with the router MAC addresses
arriving at Squid and security problems.

Amos
Received on Wed May 02 2012 - 00:06:43 MDT
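
The EUI-based external_acl_type control mentioned in the reply, as an added example that is not part of the original message or of Squid's own code: a helper that maps a client MAC to a login and refuses to answer for a router MAC, which is the multi-hop failure described in the NP. The helper path, ACL name, device table and router list are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
# Assumed squid.conf wiring (Squid 3.2 built with EUI support; path is hypothetical):
#   external_acl_type mac_user %SRCEUI48 /usr/local/bin/mac_user_helper.py
#   acl known_device external mac_user
import re
import sys

# Constructed sample data: registered device MAC -> school login.
DEVICES = {
    "00:1a:2b:3c:4d:5e": "student01",
    "00:1a:2b:3c:4d:5f": "student02",
}
# Constructed: MACs of routers between the clients and Squid. Seeing one of
# these means ARP resolved the last hop, not the user's device.
ROUTER_MACS = {"00:aa:bb:cc:dd:01"}

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalise(token):
    """Lower-case, accept '-' separators; return None if not an EUI-48."""
    mac = token.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None


def decide(line):
    """Return the helper reply for one request line holding the MAC."""
    fields = line.split()
    mac = normalise(fields[0]) if fields else None
    if mac is None:
        return "ERR"  # no usable MAC (Squid sends '-' when it has none)
    if mac in ROUTER_MACS:
        return "ERR"  # router MAC: devices behind it cannot be told apart
    user = DEVICES.get(mac)
    return f"OK user={user}" if user else "ERR"


def main():
    # Squid writes one lookup per line and waits for one reply line.
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```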
