Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Kurczewski, Bartłomiej (WP.PL)
Hi,
I have a problem logging in to one website (http://intouch.techdata.com)
using Squid 3.5.20 on CentOS 7 with the default Squid configuration, which
is acting as a web proxy (non-transparent) on port 3128 in my network:

--------------------------------------------------------------------------
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
------------------------------------------------------------------------------


In a FF browser with my Squid server settings I put in the correct password on
the TechData website, but the web page redirects me to the same web form and
doesn't allow me to log in. The password is correct, because when I put in a
wrong password I got a JavaScript alert from this website that the password is
incorrect.

When I disable the Squid proxy in FF and use a normal PAT connection via
my Juniper firewall, everything works perfectly on the same machine and I
can log in to the TechData website.
In the Squid access.log I can see only this:

-----------------------------------------------------------------
1500364995.497    140 10.48.22.33 TCP_MISS/302 735 GET http://intouch.techdata.com/intouch/Home.aspx? - HIER_DIRECT/192.230.78.204 text/html
-----------------------------------------------------------------

I suspect some problems with redirection on the TechData website, but I have spent
hours on the Internet trying to find a solution, unfortunately without success.
Maybe you can help me?

Regards,
iziz1

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Eliezer Croitoru
Hey iziz1,

Can you try adding the following to squid.conf and see if it affects anything:
forwarded_for delete
via off

http://www.squid-cache.org/Doc/config/via/
http://www.squid-cache.org/Doc/config/forwarded_for/

And see if it changes anything?

Let Me Know if something changes,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]




Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Amos Jeffries
Administrator
On 20/07/17 06:08, Eliezer Croitoru wrote:

> Hey iziz1,
>
> Can you try adding the following to squid.conf and see if it affects anything:
> forwarded_for delete
> via off
>
> http://www.squid-cache.org/Doc/config/via/
> http://www.squid-cache.org/Doc/config/forwarded_for/
>
> And see if it changes anything?
>

Er, try those one at a time.

If the forwarded_for delete works, also try "forwarded_for transparent"
and use just that if sufficient.

Amos

Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Kurczewski, Bartłomiej (WP.PL)
In reply to this post by Eliezer Croitoru
Hi Eliezer,
First of all I would like to thank you for the fast answer.
And my second "thanks" is for your help.
Your solution works, and the problem has been solved.

Regards,
iziz1


Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Kurczewski, Bartłomiej (WP.PL)
In reply to this post by Amos Jeffries
Hi Amos,
As I wrote to Eliezer, his solution works.
Thank you for your help as well.

Rgrds,
iziz1


Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Eliezer Croitoru
In reply to this post by Kurczewski, Bartłomiej (WP.PL)
Hey iziz1,

Try to work with what Amos suggested.
First try turning via back on, i.e.:
via on

and see if still works fine.
If indeed it works fine then try to change the
forwarded_for delete
into
forwarded_for transparent

and see what works for you.
It’s better to leave the via on and not off.
But from what I understand it seems that this site (is it a bank?) is broken, and their webmaster and security personnel should be made aware of your findings for their sake.
It can cause their system to act in a very weird way.

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]




Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Kurczewski, Bartłomiej (WP.PL)
Hi Eliezer,
According to your and Amos's suggestions I have changed squid.conf by
making "via on" and setting only "forwarded_for transparent".
And I can log in to the TechData website (which is not a bank, but an IT
technology distributor) without any problems.
Thank you for your advice and help.

Rgdrs,
iziz1


Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Amos Jeffries
Administrator
In reply to this post by Kurczewski, Bartłomiej (WP.PL)
On 20/07/17 19:24, Kurczewski, Bartłomiej (WP.PL) wrote:
> Hi Amos,
> As I wrote to Eliezer, his solution works.
> Thank you for your help as well.
>

Eliezer's 'solution' was to outright delete the headers HTTP uses to
protect your server against forwarding loops (Via), and to allow
back-tracking of abusive transactions (X-Forwarded-For / Forwarded).

Both quite important things to leave working if you can. Which is why I
suggested trying them one at a time and using the least amount of
traffic manipulation that would actually fix the problem.

FWIW a lot of the server-side brokenness regarding those headers is a
result of beginner web developers never having encountered such headers
in their narrow periods of time looking at headers. The more experience
that can be thrown in their direction through real traffic the more
benefits we all get as proxy admins - through less broken site codes.

Amos
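
The three squid.conf states tried in this thread, modelled as an added example that is not part of the original messages and is not Squid code: it follows the documented semantics of the `via` and `forwarded_for` directives to show which request headers the origin server would receive in each state. The proxy name in `PROXY_ID` and the sample client headers are constructed; the client IP and host come from the access.log line in the first post.

```python
"""Model of how squid.conf `via` and `forwarded_for` shape forwarded requests.

Added illustration based on the documented directive semantics; not Squid
source code. PROXY_ID and the sample headers are constructed values.
"""

FORWARDED_FOR_MODES = {"on", "off", "transparent", "truncate", "delete"}
PROXY_ID = "proxy.example (squid/3.5.20)"  # constructed Via identity


def parse_settings(conf_text):
    """Return the effective (via, forwarded_for) pair for squid.conf text.

    Both directives default to "on"; a later line overrides an earlier one.
    """
    via, fwd = "on", "on"
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) != 2:
            continue
        name, value = tokens[0], tokens[1].lower()
        if name == "via" and value in ("on", "off"):
            via = value
        elif name == "forwarded_for" and value in FORWARDED_FOR_MODES:
            fwd = value
    return via, fwd


def _append(existing, item):
    """Append an item to a comma-separated header value."""
    return f"{existing}, {item}" if existing else item


def forwarded_headers(client_ip, client_headers, via="on", fwd="on"):
    """Return the headers the origin server would see for one request."""
    out = dict(client_headers)
    prior = out.get("X-Forwarded-For")
    if fwd == "on":            # add the client address to the chain
        out["X-Forwarded-For"] = _append(prior, client_ip)
    elif fwd == "off":         # add a hop, but hide the address
        out["X-Forwarded-For"] = _append(prior, "unknown")
    elif fwd == "truncate":    # discard the chain, keep only this client
        out["X-Forwarded-For"] = client_ip
    elif fwd == "delete":      # remove the header entirely
        out.pop("X-Forwarded-For", None)
    # "transparent": the header is passed through exactly as received
    if via == "on":            # Via is what lets proxies detect forwarding loops
        out["Via"] = _append(out.get("Via"), f"1.1 {PROXY_ID}")
    return out


# The three configurations discussed in the thread (only the relevant lines).
THREAD_CONFIGS = {
    "default": "",
    "first suggestion": "forwarded_for delete\nvia off\n",
    "final": "via on\nforwarded_for transparent\n",
}


def thread_scenarios(client_ip="10.48.22.33", client_headers=None):
    """Headers seen by the origin under each configuration from the thread."""
    base = client_headers or {"Host": "intouch.techdata.com"}
    seen = {}
    for label, conf in THREAD_CONFIGS.items():
        via, fwd = parse_settings(conf)
        seen[label] = forwarded_headers(client_ip, base, via, fwd)
    return seen


if __name__ == "__main__":
    for label, headers in thread_scenarios().items():
        print(f"{label:17} {headers}")
    # Constructed case: a downstream proxy already supplied X-Forwarded-For.
    chained = {"Host": "intouch.techdata.com", "X-Forwarded-For": "203.0.113.7"}
    for label, headers in thread_scenarios(client_headers=chained).items():
        print(f"{label:17} (chained) {headers}")
```

In this model the final configuration differs from the default only in that no X-Forwarded-For header is added, while Via is still sent. With a chained request, `transparent` keeps the upstream X-Forwarded-For value that `delete` would discard.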