How to create a wifi hotspot which forwards all web request to online content filtering proxy.

EICT
EICT used Ask the Experts™
on
Hi,
We use a hosted content filtering proxy on our company network to block inappropriate web content. The client PCs are configured in IE using a .pac file to point to the proxy filter.

I would like to set up a wifi access point which out clients can use to access the Internet, which will force their web requests to also be directed to the proxy filter. However I do not have access to their devices and so can't configure IE or other browser.

Is this possible?  

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017

Commented:
Yes, Depending on your wifi ap, there are different ways to achieve this including transparent proxy.

It might also be possible to achieve this on the router to forward all requests from the wifi (vlan) to a transparent proxy.

Does the hosted proxy support wccp?

Author

Commented:
Thanks Arnold I shall find out if the hosted proxy supports wccp. Having googled this - if they did would I need a cisco AP?

Will be back soon. Thanks.
Distinguished Expert 2017

Commented:
No, you would need your router to support wccp and you would configure an ACL on the wifi feed to redirect the requests to the proxy.
The "benefit" of wccp, should the proxy become inaccessible, the user will not be impacted though the users' requests will sent directly through to the destination.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Hi,
Unfortunately websense tell me they do not support WCCP.
Distinguished Expert 2017

Commented:
You can on your router setup a rule that any port 80 requests from the wifi lan need to be forwarded through/redirected to the websense IP:port

The auto proxy detection relies on/requires the client have that option set and the browser they use.

The difficulty you say you want this to be transparent to the users to avoid users running into issues when they try to use the laptops/devices outside your network.

What router do you have?

Websense does not, but does your proxy?
one option if you can is to setup a VM running linux with squid with the websense box as the upstream peer.
the WCCP for wifi will be setup with the linux/squid.

....

There are a bunch of examples wccp transparent squid proxy setup.

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

in your case, you will have this squid proxy subordinated.
Distinguished Expert 2017
Commented:
Out of curiosity, found the following websense doc/reference

http://www.websense.com/content/support/library/web/v75/wcg_deploy/WCG_Deploy.1.3.aspx
Commented:
Hi Arnold,
Sorry I have been away.
Websense Cloud solution does not support WCCP only their hardware solution.
A couple of other options I've discovered are:
1. use content filtering within the Draytek router. this can we applied to a particular VLAN using firewall rules.
2. Or configure the hotspot to use "Open DNS" i.e. push the open DNS IP addresses to the clients using DHCP. Open DNS includes content filtering.

Thanks for your help

Author

Commented:
The solution suggested was helpful but did not directly resolve the problem.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial