{"id":1061,"date":"2013-05-17T20:00:01","date_gmt":"2013-05-18T00:00:01","guid":{"rendered":"https:\/\/infotechguy.net\/?p=1061"},"modified":"2025-02-22T11:08:13","modified_gmt":"2025-02-22T16:08:13","slug":"squid-proxy-splash-page-2","status":"publish","type":"post","link":"https:\/\/infotechguy.net\/?p=1061","title":{"rendered":"Squid Proxy &#8212; Splash Page"},"content":{"rendered":"<p>Hi All! So after my last article regarding <a title=\"Squid 3.1 Caching Proxy with SSL\" href=\"https:\/\/infotechguy.net\/squid-3-1-caching-proxy-with-ssl\/\">securing a guest network web access with Squid and SquidGuard<\/a>, I wanted to share how I came about creating a Splash Page for Guest users of my Free WiFi hotspot. My goal was to present new Guests with a splash page identifying certain Terms of Usage, etc. Basically we will need a HTML or PHP Splash Page, an ACL identifying the Guests by IP, an external ACL program (squid_session), and a Deny with Information (deny_info).<br \/>\n<!--more--><br \/>\nSome prelimary info:<\/p>\n<ul>\n<li>Squid 3.1.19<\/li>\n<li>Ubuntu 12.04.2 64-bit Server Edition<\/li>\n<li>Apache2 w\/PHP5 Installed<\/li>\n<li>Guest&#8217;s Subnet 192.168.1.0\/24<\/li>\n<\/ul>\n<ol>\n<li>\n<h4>Confirm you have the External ACL Helper Installed<\/h4>\n<p>Search for a program called <strong>squid_session<\/strong>, mine was located in <strong>\/usr\/lib\/squid3\/squid_session<\/strong>. If you do not have this installed, you will need to uninstall squid, and reinstall it from source with squid_session. (outside the scope of this post.)<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">find \/ -name squid_session -print<\/pre>\n<\/li>\n<li>\n<h4>Create Session Database file<\/h4>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">touch \/home\/user\/sessions.db \nchown squid. sessions.db<\/pre>\n<p><strong>NOTICE:<\/strong> You have to give whatever user runs the squid process access to this file.<\/li>\n<li>\n<h4>Configure Squid<\/h4>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">vi \/etc\/squid3\/squid.conf\n#Add the following to the conf file:\n#ACL\nacl gNetwork src 192.168.1.0\/24\n\n...omitted...\n\n#splash page\nexternal_acl_type sessions ttl=60 negative_ttl=0 children=1 concurrency=100 %SRC \/usr\/lib\/squid3\/squid_session -t 30 -b \/home\/user\/sessions.db\nacl guest_sessions external sessions\ndeny_info http:\/\/192.168.0.2\/splash.php?url=%s guest_sessions\nhttp_access deny gNetwork !guest_sessions\n<\/pre>\n<ul>\n<li><strong>external_acl_type<\/strong> &#8212; denotes that an external ACL helper will be used to determine validity<\/li>\n<li><strong>acl guest_sessions external sessions<\/strong> &#8212; creates a new ACL called guest_sessions that will use the external ACL from above<\/li>\n<li><strong>deny_info <\/strong>&#8212; location of page to be presented when user is denied. %s is a dynamic variable that contains the original URL the user tried to go to.<\/li>\n<li><strong>http_access deny <\/strong>&#8212; in this statement we deny every client in the gNetwork range of 192.168.1.0\/24 <strong>unless<\/strong>, they are part of the guest_sessions ACL.<\/li>\n<\/ul>\n<\/li>\n<li>\n<h4>Create Splash Page<\/h4>\n<p>A splash page should contain any content that you want to present to your users. In my case I create one with basic Terms of Usage, such as no illegal activity, or downloading of large files, etc. Now remember our last deny_info statment? the <strong>splash.php?url=%s <\/strong> This is important as this is how we will remember what URL our user tried to go to before forcing them to the splash page.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"html\">&lt;html&gt; \n...omitted HTML head and title... \n&lt;body&gt; bla bla bla bla \n&lt;h4&gt; By clicking accept you accept the terms of usage explained above for WiFi Usage&lt;\/h4&gt; \n&lt;?php echo '&lt;form action=\"' . htmlspecialcars($_GET[\"url\"]) . '\" target=\"_blank\"&gt; \n&lt;input type=\"submit\" value=\"Accept\" \/&gt;&lt;\/form&gt;' ?&gt; \n&lt;\/body&gt; \n&lt;\/html&gt;<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>NOTICE:<\/strong> I use PHP here to capture the url=value and place it in the HTML form. When a user clicks the form the action is the URL they originally tried to visit, so they will be navigated there.<\/li>\n<li>\n<h3>Restart squid3<\/h3>\n<p>Restart <strong>squid3<\/strong> to ensure that the child process squid_session starts..<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">service squid3 restart<\/pre>\n<p>Verify <strong>squid_session<\/strong> process:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">ps gaux |grep squid_session<\/pre>\n<\/li>\n<\/ol>\n<h3>Other Thoughts<\/h3>\n<p>The above example is not entirely secure in presenting the page properly to each user at a set interval. <em>See the squid3 documentation below in the source section<\/em>. For example, if a user on the <strong>gNetwork<\/strong> tries to navigate to a web site, they are presented with the Splash page, once the Splash page has been sent to them they are now stored in the squid_session helper, <strong>before<\/strong> they click accept. The concern here is liability, if you are setting this up for a massive Free WiFi network and have legitimate legal concerns, etc. You should look into the <strong>active squid_session method<\/strong>. From my understanding, this method allows you to set more than just a client&#8217;s IP as a valid check, you could have them enter their email address or something else identifiable. I was unable to figure out how to incorporate Squid Sessions with Active Method, but if someone has please comment! I would like to see what you did to make it work.<\/p>\n<p>Sources:<\/p>\n<ul>\n<li><a href=\"http:\/\/wiki.squid-cache.org\/ConfigExamples\/Portal\/Splash\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/wiki.squid-cache.org\/ConfigExamples\/Portal\/Splash<\/a><\/li>\n<li><a href=\"http:\/\/www.squid-cache.org\/Doc\/config\/acl\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.squid-cache.org\/Doc\/config\/acl\/<\/a><\/li>\n<li><a href=\"http:\/\/www.squid-cache.org\/Doc\/config\/external_acl_type\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.squid-cache.org\/Doc\/config\/external_acl_type\/<\/a><\/li>\n<li><a href=\"http:\/\/www.squid-cache.org\/Doc\/config\/deny_info\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.squid-cache.org\/Doc\/config\/deny_info\/<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Hi All! So after my last article regarding securing a guest network web access with Squid and SquidGuard, I wanted to share how I came about creating a Splash Page for Guest users of my&#46;&#46;&#46;<\/p>\n","protected":false},"author":2,"featured_media":4240,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[86],"class_list":["post-1061","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux"],"_links":{"self":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts\/1061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1061"}],"version-history":[{"count":1,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts\/1061\/revisions"}],"predecessor-version":[{"id":4169,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts\/1061\/revisions\/4169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/media\/4240"}],"wp:attachment":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}