[squid-users] Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Eliezer Croitoru eliezer at ngtech.co.il
Thu Jul 20 08:04:56 UTC 2017


Hey iziz1,

Try to work with what Amos suggested.
Try to first turn on the via ie:
via on

and see if still works fine.
If indeed it works fine then try to change the 
forwarded_for delete
into
forwarded_for transparent

and see what works for you.
It’s better to leave the via on and not off.
But from what I understand it seems that this site(is it a bank?) is broken and their webmaster and security personal should be aware of your findings for their sake.
It can cause their system act in a very weird way.

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



-----Original Message-----
From: Kurczewski, Bartłomiej (WP.PL) [mailto:iziz1 at poczta.wp.pl] 
Sent: Thursday, July 20, 2017 10:20
To: Eliezer Croitoru <eliezer at ngtech.co.il>; squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Problem with login to website by Squid web proxy 3.5.20 on Centos 7

Hi Eliezer,
First of all I would like to thank you for fast answer.
And my second "thanks" is for your help.
Your solution works, and the problem has been solved.

Regards,
iziz1

W dniu 2017-07-19 o 20:08, Eliezer Croitoru pisze:
> Hey iziz1,
> 
> Can you try to add squid.conf the next and see if it affects anything:
> forwarded_for delete
> via off
> 
> http://www.squid-cache.org/Doc/config/via/
> http://www.squid-cache.org/Doc/config/forwarded_for/
> 
> And see if it changes anything?
> 
> Let Me Know if something changes,
> Eliezer
> 
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
> 
> 
> 
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Kurczewski, Bart?omiej (WP.PL)
> Sent: Tuesday, July 18, 2017 15:56
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Problem with login to website by Squid web proxy 3.5.20 on Centos 7
> 
> Hi,
> I have a problem to login to one website (http://intouch.techdata.com)
> using Squid 3.5.20 on Centos 7 with default Squid configuration, which
> is acting as web proxy (non-transparent) on 3128 port in my network:
> 
> --------------------------------------------------------------------------
> #
> # Recommended minimum configuration:
> #
> 
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
> acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
> acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
> acl localnet src fc00::/7       # RFC 4193 local private network range
> acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
> machines
> 
> acl SSL_ports port 443
> acl Safe_ports port 80		# http
> acl Safe_ports port 21		# ftp
> acl Safe_ports port 443		# https
> acl Safe_ports port 70		# gopher
> acl Safe_ports port 210		# wais
> acl Safe_ports port 1025-65535	# unregistered ports
> acl Safe_ports port 280		# http-mgmt
> acl Safe_ports port 488		# gss-http
> acl Safe_ports port 591		# filemaker
> acl Safe_ports port 777		# multiling http
> acl CONNECT method CONNECT
> 
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> 
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> 
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> 
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> 
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> 
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
> 
> # And finally deny all other access to this proxy
> http_access deny all
> 
> # Squid normally listens to port 3128
> http_port 3128
> 
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/spool/squid 100 16 256
> 
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
> 
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:		1440	20%	10080
> refresh_pattern ^gopher:	1440	0%	1440
> refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
> refresh_pattern .		0	20%	4320
> ------------------------------------------------------------------------------
> 
> 
> In a FF browser with my Squid server settings I put correct password on
> techdata website, but webpage redirect me to the same web form and
> doesn't allow to login. The password is correct, because when I put
> wrong password I got JavaScript alert from this website that password is
> incorrect.
> 
> When I disable using Squid proxy in FF and use normal PAT connection via
> my Juniper firewall everything works perfect on the same machine and I
> can login to TechData website.
> I Squid access.log I can see only this:
> 
> -----------------------------------------------------------------
> 1500364995.497    140 10.48.22.33 TCP_MISS/302 735 GET
> http://intouch.techdata.com/intouch/Home.aspx? -
> HIER_DIRECT/192.230.78.204 text/html
> -----------------------------------------------------------------
> 
> I suspect some problems with redirection on TechData website, but spend
> hours in Internet to find solution, unfortunately without success....
> Maybe you can help me?
> 
> Regards,
> iziz1
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 
> 
> 



More information about the squid-users mailing list