On 01.05.2012 18:12, Crawford, Ben wrote:
Good Day,
I am running squid 2.7 (although switching to squid 3 is likely to
happen soon) on our local school internal proxy (Ubuntu) that is
behind a larger network proxy (which I don't have control over).
We have started allowing students to access our wireless network as
the
proliferation of smart phones, tablets and laptops has been steadily
increasing.
The problem is Andorid does not play nice with proxies that require
authentication. I had an idea of a way around this that would still
tie
things to the individual logins. The solution I have been looking at
is to either bind the http_port or MAC address (through arp) to a
specific cache peer. Here is what I was thinking:
I recommend Squid-3.2 for your particular needs. It is still in beta
due to a few bugs, but stable enough for small uses. The EUI / ARP
handling has been extended quite a bit recently with EUI logging and
external_acl_type parameters for Captive Portal controls.
In my experience with Android devices and squid-3.2 they usually need
to be treated as any other software which does not support proxying
properly, via interception. The newer ones can support WPAD and PAC, but
the common ones still don't have proxy support anywhere.
NP: be aware that ARP-relay is needed for this to work on any network
where there are multiple device hops between the proxy and the user
devices. Otherwise you just end up with the router MAC addresses
arriving at Squid and security problems.
Amos
