We are using ClearOS 6.8.0 in our network as the internet server. The <blockquote>Web Proxy - Transparent</blockquote> mode is disabled, so computers in the network are configured to connect to the ClearOS server as the proxy server. This configuration works ok and the systems can access the web fine.
Now we are facing an issue that URLs that are suffixed with a port number (eg. https://servername:8088) is not accessible from our network..
We tried to allow the specific port number in the "Incoming Firewall" settings, but that doesnt help. Which makes sense, as the incoming firewall settings are for connections coming into the clearos server, and not when accessing a remote machine.
We also found that by adding <blockquote>servename:8088</blockquote> to the proxy exception list on the client computers' internet options, the page can be loaded fine. So it seems like the proxy server is blocking the connection when a port name is suffixed to the URL.
Any suggestions as to how we can configure at the proxy (ClearOS server) level to allow connections to URLs in the format - ort" target="_blank">https://servernameort, rather than adding the URLs to the proxy exception list in the client machines.
Looking forward to your advice..
Now we are facing an issue that URLs that are suffixed with a port number (eg. https://servername:8088) is not accessible from our network..
We tried to allow the specific port number in the "Incoming Firewall" settings, but that doesnt help. Which makes sense, as the incoming firewall settings are for connections coming into the clearos server, and not when accessing a remote machine.
We also found that by adding <blockquote>servename:8088</blockquote> to the proxy exception list on the client computers' internet options, the page can be loaded fine. So it seems like the proxy server is blocking the connection when a port name is suffixed to the URL.
Any suggestions as to how we can configure at the proxy (ClearOS server) level to allow connections to URLs in the format - ort" target="_blank">https://servernameort, rather than adding the URLs to the proxy exception list in the client machines.
Looking forward to your advice..
In Firewall
Share this post:
Accepted Answer
In /etc/squid.conf do you have any entries like this?
acl SSL_ports port 443
acl SSL_ports port 81
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 81
acl Safe_ports port 82
acl Safe_ports port 83
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »