I think you could come up with a compromise.
I'm looking at installing free wireless internet access for the public
to use in the downtown Macon GA area.
The plan is to hijack port 80 with a transparent proxy server
and serve up a default web page
Basically I want the users to only see this web page until they
authenticate somehow
This isn't possible with Squid. This question has been asked (and answered)
many times, and is in the FAQ.
If you set up squid to request authentication and have the failure for authentication provide the single web homepage that you want as an error.
So you could do the following:
#This will allow advertising and site setup explanations
acl configsite dstdomain .macon-ga.com
#This is my authentication acl
acl password proxy_auth REQUIRED
#This will provide my default deny page
acl mydeny dst 0.0.0.0
#This is the direct to my page for unauthenticated users
deny_info ERR_CONFIG mydeny

http_access allow configsite
http_access allow password
http_access deny mydeny
#Just for paranoia
http_access deny all
You then save a copy of your default webpage to /etc/squid/errors/ERR_CONFIG
Squid does not do auth and transparent proxying, as said; this is in the FAQ. So I would set iptables to redirect all outbound port 80 traffic to your website so that is the only place they will go. Set up WPAD on the local network, which works for Konqueror and I.E., and provide proxy instructions for Mozilla users. WPAD will redirect the browser to use your proxy, which will then happily work with authentication.
Obviously there needs to be a load more in the config file - the stuff to get authentication working against whatever you are using.
Kind regards Xander
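
The WPAD step in the message above comes down to serving a proxy auto-config file (wpad.dat) to browsers. The sketch below is an added example, not part of the original post: the proxy address 192.168.0.1:3128 and the choice to send the portal domain DIRECT are assumptions, and the two helper functions are stand-ins for PAC built-ins so the file can be exercised outside a browser.

```javascript
// wpad.dat sketch (added example). Browsers call FindProxyForURL(url, host)
// for every request and use the returned string to pick a route.
var PROXY = "PROXY 192.168.0.1:3128";  // assumed Squid address and port
var PORTAL_DOMAIN = ".macon-ga.com";   // the "configsite" domain from the squid.conf above

// Stand-ins for two PAC built-ins so this runs under Node.
// Browsers provide their own; remove these two functions when deploying.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Unqualified names are hosts on the local network: no proxy needed.
  if (isPlainHostName(host)) {
    return "DIRECT";
  }

  // The setup/advertising site stays reachable without the proxy.
  // Port 80 traffic sent DIRECT still hits the iptables redirect to that site.
  // The bare domain is matched exactly so "notmacon-ga.com" does not slip through.
  if (dnsDomainIs(host, PORTAL_DOMAIN) || host === PORTAL_DOMAIN.substring(1)) {
    return "DIRECT";
  }

  // Everything else goes to Squid, which asks for credentials (proxy_auth).
  // There is deliberately no "; DIRECT" fallback: if the proxy is unreachable
  // the request fails instead of silently bypassing authentication.
  return PROXY;
}
```

WPAD-aware browsers look for this file at http://wpad.<local domain>/wpad.dat, normally served with the MIME type application/x-ns-proxy-autoconfig.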
