Forums

Resolved
0 votes
Hi Team,


Hope every person is fine during this pandemic.


I'm Using ClearOS 7 Community edition in my Test Lab.
My Web Proxy Version 2.3.5
My Authentication Mode is Non Transparent + User Authentication
User Authentication is Enabled
NTLM Mode is Disabled

1st Question
Proxy Is asking User Name and Password is LAN , if I Connect to Wi Fi then its work , but not asking for the user name and password in the browser prompt.

2nd Question Access Denied For ClearOS Website
I already add Network Address 52.4.160.28 in Web Proxy by Pass.
But Still I'm not able to Open ClearOS website , That is https://www.clearos.com
https://i.ibb.co/XsdR3Qn/Web-Proxy-2.png



3rd Question
I Already add google.co.in & youtube.com Authentication Exception Sites. Google.co.in is opening fine , but youtube.com is not opening.
https://i.ibb.co/Kx3KB0w/YouTube.png


Below is the Other Screenshot related to my topic.
https://i.ibb.co/cQKCmgv/Web-Proxy-4.png
Web Proxy Show me Error :
Web Site Status : Access denied
Internet Connection Status : Online
https://i.ibb.co/fNkDpW4/Web-Proxy-1.png
https://i.ibb.co/4VvJwwk/Web-Proxy-3.png




Log
tail -f /var/log/squid/access.log


1603209571.733 42 122.111.00.33 TCP_DENIED/403 875 GET http://google.co.uk/ - HIER_NONE/- text/html
1603209571.821 12 122.111.00.33 TCP_DENIED/403 895 CONNECT incoming.telemetry.mozilla.org:443 - HIER_NONE/- text/html
1603209571.885 45 122.111.00.33 TCP_MISS/302 488 GET http://192.10.10.2:82/approot/web_proxy/htdocs/warning.php? - HIER_DIRECT/192.10.10.2 text/html
1603209572.078 168 122.111.00.33 TCP_MISS/200 2617 GET http://192.10.10.2:82/app/web_proxy/warning/index/ACCESS_DENIED/aHR0cDovL2dvb2dsZS5jby51ay8./W3Vua25vd25d/bm90aGluZw.. - HIER_DIRECT/192.10.10.2 text/html
1603209572.225 3 122.111.00.33 TCP_MISS/200 808 GET http://192.10.10.2:82/js/globals.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.235 3 122.111.00.33 TCP_MISS/200 1111 GET http://192.10.10.2:82/js/widgets.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.243 3 122.111.00.33 TCP_MISS/200 1265 GET http://192.10.10.2:82/approot/web_proxy/htdocs/web_proxy.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.278 5 122.111.00.33 TCP_MISS/200 2445 GET http://192.10.10.2:82/themes/ClearOS-Admin/js/translations.js.php? - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.325 1 122.111.00.33 TCP_MISS/200 24923 GET http://192.10.10.2:82/themes/ClearOS-Admin/fonts/EquipLig-webfont.woff2 - HIER_DIRECT/192.10.10.2 -
1603209572.329 0 122.111.00.33 TCP_MISS/200 51883 GET http://192.10.10.2:82/themes/ClearOS-Admin/fonts/roboto-light.woff2 - HIER_DIRECT/192.10.10.2 -
1603209574.494 2096 122.111.00.33 TCP_MISS/200 737 GET http://192.10.10.2:82/app/web_proxy/warning/get_status? - HIER_DIRECT/192.10.10.2 application/json
1603209574.681 2260 122.111.00.33 TCP_MISS/200 13016 GET http://192.10.10.2:82/app/marketplace/ajax/get_app_details/web_proxy/0? - HIER_DIRECT/192.10.10.2 application/json
1603209588.324 2 122.111.00.33 TCP_DENIED/403 892 CONNECT shavar.services.mozilla.com:443 - HIER_NONE/- text/html
1603209608.560 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209608.874 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.078 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.590 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.926 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209611.663 189 122.111.00.33 TCP_DENIED/403 873 GET http://adni18.com/ - HIER_NONE/- text/html
1603209611.861 42 122.111.00.33 TCP_MISS/302 484 GET http://192.10.10.2:82/approot/web_proxy/htdocs/warning.php? - HIER_DIRECT/192.10.10.2 text/html
1603209612.070 185 122.111.00.33 TCP_MISS/200 2498 GET http://192.10.10.2:82/app/web_proxy/warning/index/ACCESS_DENIED/aHR0cDovL2FkbmkxOC5jb20v/W3Vua25vd25d/bm90aGluZw.. - HIER_DIRECT/192.10.10.2 text/html
1603209612.142 3 122.111.00.33 TCP_MISS/200 808 GET http://192.10.10.2:82/js/globals.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.155 5 122.111.00.33 TCP_MISS/200 2445 GET http://192.10.10.2:82/themes/ClearOS-Admin/js/translations.js.php? - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.156 6 122.111.00.33 TCP_MISS/200 1265 GET http://192.10.10.2:82/approot/web_proxy/htdocs/web_proxy.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.156 6 122.111.00.33 TCP_MISS/200 1111 GET http://192.10.10.2:82/js/widgets.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209614.271 2057 122.111.00.33 TCP_MISS/200 737 GET http://192.10.10.2:82/app/web_proxy/warning/get_status? - HIER_DIRECT/192.10.10.2 application/json
1603209614.435 2215 122.111.00.33 TCP_MISS/200 13016 GET http://192.10.10.2:82/app/marketplace/ajax/get_app_details/web_proxy/0? - HIER_DIRECT/192.10.10.2 application/json
1603209626.090 1 122.111.00.33 TCP_DENIED/403 898 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html

Thank You & Regards
Lalatendu
Tuesday, October 20 2020, 03:38 PM
Like
1
Share this post:

Accepted Answer

Tuesday, October 20 2020, 04:58 PM - #Permalink
Resolved
1 votes
Q1 - Is your WiFi part of a HotLAN. I don't believe that gets filtered by the proxy. Another thought is that you are using a router as a WAP but you have the router working as a router, i.e router WAN connected to ClearOS LAN. In this case, anyone authenticating on the router LAN will authenticate for everyone as all traffic will appear to the proxy to come from a single IP address - the router WAN IP. To get round this you should connect the router LAN to the ClearOS LAN and ignore the router WAN. Remember to turn off the router DHCP and give it an IP on your ClearOS LAN.

Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.

Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.

This post is crossing with a reply coming in, but I'm posting anyway to see the reply.
The reply is currently minimized Show
Responses (9)
  • Accepted Answer

    Tuesday, October 20 2020, 05:17 PM - #Permalink
    Resolved
    1 votes
    Nick Howitt wrote:

    See what I said about authentication exception sites. If you have any overlap with the domains/subdomains, squid may refuse to start.



    Hi Nick ,

    After add the Site list in browser proxy by pass list i'm able to access the ClearOs.com and other web Site.
    The more I praise, the less it will be for you.


    Regards
    Lalatendu
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 05:11 PM - #Permalink
    Resolved
    0 votes
    You can hand edit the file if you want - /etc/squid/squid_whitelists.conf
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 05:05 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Q1 - Is your WiFI part of a HotLAN. I don't believe that gets filtered by the proxy. Another thought is that you are using a router as a WAP but you have the router working as a router, i.e router WAN connected to ClearOS LAN. In this case, anyone authenticating on the router LAN will authenticate for everyone as all traffic will appear to the proxy to come from a single IP address - the router WAN IP. To get round this you should connect the router LAN to the ClearOS LAN and ignore the router WAN. Remember to turn off the router DHCP and give it an IP on your ClearOS LAN.

    Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.

    Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.

    This post is crossing with a reply coming in, but I'm posting anyway to see the reply.



    My Wi Fi is another Service Provider rather than my test lab.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 05:04 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    See what I said about authentication exception sites. If you have any overlap with the domains/subdomains, squid may refuse to start.



    Can I remove the domain list and restart ?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 05:02 PM - #Permalink
    Resolved
    1 votes
    See what I said about authentication exception sites. If you have any overlap with the domains/subdomains, squid may refuse to start.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 05:02 PM - #Permalink
    Resolved
    0 votes
    Now Its Showing the below error

    [root@gateway ~]# systemctl status squid.service
    ● squid.service - Squid caching proxy
    Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Tue 2020-10-20 22:20:21 IST; 9min ago
    Process: 7746 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=1/FAILURE)
    Process: 7740 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)

    Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Bungled /etc/squid/squid_whitelists.conf line 7: acl whitelist_destination_domains dstdomain .yahoo.com
    Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: FATAL: Bungled /etc/squid/squid_whitelists.conf line 7: acl whitelist_destination_domains dstdomain .yahoo.com
    Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Squid Cache (Version 3.5.20): Terminated abnormally.
    Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: CPU Usage: 0.009 seconds = 0.004 user + 0.006 sys
    Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Maximum Resident Size: 26208 KB
    Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Page faults with physical i/o: 0
    Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: squid.service: control process exited, code=exited status=1
    Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: Failed to start Squid caching proxy.
    Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: Unit squid.service entered failed state.
    Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: squid.service failed.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 04:53 PM - #Permalink
    Resolved
    0 votes
    Patrick de Brabander wrote:

    Hi,

    I'm having the same issue after a server restart (reported earlier)
    For me it work to stop & start Content Filter Engine and Web Proxy Server
    - stop Web Proxy Server
    - stop Content Filter Engine
    - start Web Proxy Server
    - start Content Filter Engine

    (i think this was the sequence.... )



    After Stop the Web Proxy Server is not On now !!!
    https://i.ibb.co/NsfhXT2/Proxy-Issue-After-Restart.png


    Any Idea ?

    Regards
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 04:39 PM - #Permalink
    Resolved
    0 votes
    Patrick de Brabander wrote:

    Hi,

    I'm having the same issue after a server restart (reported earlier)
    For me it work to stop & start Content Filter Engine and Web Proxy Server
    - stop Web Proxy Server
    - stop Content Filter Engine
    - start Web Proxy Server
    - start Content Filter Engine

    (i think this was the sequence.... )
    Let Me Check.

    Regards
    Lalatendu
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 20 2020, 04:30 PM - #Permalink
    Resolved
    0 votes
    Hi,

    I'm having the same issue after a server restart (reported earlier)
    For me it work to stop & start Content Filter Engine and Web Proxy Server
    - stop Web Proxy Server
    - stop Content Filter Engine
    - start Web Proxy Server
    - start Content Filter Engine

    (i think this was the sequence.... )
    The reply is currently minimized Show
Your Reply