Avatar of EICT
EICT
Flag for United Kingdom of Great Britain and Northern Ireland asked on

How to create a wifi hotspot which forwards all web request to online content filtering proxy.

Hi,
We use a hosted content filtering proxy on our company network to block inappropriate web content. The client PCs are configured in IE using a .pac file to point to the proxy filter.

I would like to set up a wifi access point which out clients can use to access the Internet, which will force their web requests to also be directed to the proxy filter. However I do not have access to their devices and so can't configure IE or other browser.

Is this possible?  

Thanks
Wireless NetworkingWireless HardwareRoutersNetwork Security

Avatar of undefined
Last Comment
EICT

8/22/2022 - Mon
arnold

Yes, Depending on your wifi ap, there are different ways to achieve this including transparent proxy.

It might also be possible to achieve this on the router to forward all requests from the wifi (vlan) to a transparent proxy.

Does the hosted proxy support wccp?
EICT

ASKER
Thanks Arnold I shall find out if the hosted proxy supports wccp. Having googled this - if they did would I need a cisco AP?

Will be back soon. Thanks.
arnold

No, you would need your router to support wccp and you would configure an ACL on the wifi feed to redirect the requests to the proxy.
The "benefit" of wccp, should the proxy become inaccessible, the user will not be impacted though the users' requests will sent directly through to the destination.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
EICT

ASKER
Hi,
Unfortunately websense tell me they do not support WCCP.
arnold

You can on your router setup a rule that any port 80 requests from the wifi lan need to be forwarded through/redirected to the websense IP:port

The auto proxy detection relies on/requires the client have that option set and the browser they use.

The difficulty you say you want this to be transparent to the users to avoid users running into issues when they try to use the laptops/devices outside your network.

What router do you have?

Websense does not, but does your proxy?
one option if you can is to setup a VM running linux with squid with the websense box as the upstream peer.
the WCCP for wifi will be setup with the linux/squid.

....

There are a bunch of examples wccp transparent squid proxy setup.

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

in your case, you will have this squid proxy subordinated.
SOLUTION
arnold

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
EICT

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
EICT

ASKER
The solution suggested was helpful but did not directly resolve the problem.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.