Issue
Proxy Server Issue
Hi Team,
Hope every person is fine during this pandemic.
I'm Using ClearOS 7 Community edition in my Test Lab.
My Web Proxy Version 2.3.5
My Authentication Mode is Non Transparent + User Authentication
User Authentication is Enabled
NTLM Mode is Disabled
1st Question
Proxy Is asking User Name and Password is LAN , if I Connect to Wi Fi then its work , but not asking for the user name and password in the browser prompt.
2nd Question Access Denied For ClearOS Website
I already add Network Address 52.4.160.28 in Web Proxy by Pass.
But Still I'm not able to Open ClearOS website , That is https://sfj48-fkj200.heiksthsd.cf
3rd Question
I Already add google.co.in & youtube.com Authentication Exception Sites. Google.co.in is opening fine , but youtube.com is not opening.
Below is the Other Screenshot related to my topic.
Web Proxy Show me Error :
Web Site Status : Access denied
Internet Connection Status : Online
Log
tail -f /var/log/squid/access.log
1603209571.733 42 122.111.00.33 TCP_DENIED/403 875 GET http://google.co.uk/ - HIER_NONE/- text/html
1603209571.821 12 122.111.00.33 TCP_DENIED/403 895 CONNECT incoming.telemetry.mozilla.org:443 - HIER_NONE/- text/html
1603209571.885 45 122.111.00.33 TCP_MISS/302 488 GET http://192.10.10.2:82/approot/web_proxy/htdocs/warning.php? - HIER_DIRECT/192.10.10.2 text/html
1603209572.078 168 122.111.00.33 TCP_MISS/200 2617 GET http://192.10.10.2:82/app/web_proxy/warning/index/ACCESS_DENIED/aHR0cDovL2dvb2dsZS5jby51ay8./W3Vua25vd25d/bm90aGluZw.. - HIER_DIRECT/192.10.10.2 text/html
1603209572.225 3 122.111.00.33 TCP_MISS/200 808 GET http://192.10.10.2:82/js/globals.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.235 3 122.111.00.33 TCP_MISS/200 1111 GET http://192.10.10.2:82/js/widgets.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.243 3 122.111.00.33 TCP_MISS/200 1265 GET http://192.10.10.2:82/approot/web_proxy/htdocs/web_proxy.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.278 5 122.111.00.33 TCP_MISS/200 2445 GET http://192.10.10.2:82/themes/ClearOS-Admin/js/translations.js.php? - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.325 1 122.111.00.33 TCP_MISS/200 24923 GET http://192.10.10.2:82/themes/ClearOS-Admin/fonts/EquipLig-webfont.woff2 - HIER_DIRECT/192.10.10.2 -
1603209572.329 0 122.111.00.33 TCP_MISS/200 51883 GET http://192.10.10.2:82/themes/ClearOS-Admin/fonts/roboto-light.woff2 - HIER_DIRECT/192.10.10.2 -
1603209574.494 2096 122.111.00.33 TCP_MISS/200 737 GET http://192.10.10.2:82/app/web_proxy/warning/get_status? - HIER_DIRECT/192.10.10.2 application/json
1603209574.681 2260 122.111.00.33 TCP_MISS/200 13016 GET http://192.10.10.2:82/app/marketplace/ajax/get_app_details/web_proxy/0? - HIER_DIRECT/192.10.10.2 application/json
1603209588.324 2 122.111.00.33 TCP_DENIED/403 892 CONNECT shavar.services.mozilla.com:443 - HIER_NONE/- text/html
1603209608.560 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209608.874 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.078 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.590 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.926 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209611.663 189 122.111.00.33 TCP_DENIED/403 873 GET http://adni18.com/ - HIER_NONE/- text/html
1603209611.861 42 122.111.00.33 TCP_MISS/302 484 GET http://192.10.10.2:82/approot/web_proxy/htdocs/warning.php? - HIER_DIRECT/192.10.10.2 text/html
1603209612.070 185 122.111.00.33 TCP_MISS/200 2498 GET http://192.10.10.2:82/app/web_proxy/warning/index/ACCESS_DENIED/aHR0cDovL2FkbmkxOC5jb20v/W3Vua25vd25d/bm90aGluZw.. - HIER_DIRECT/192.10.10.2 text/html
1603209612.142 3 122.111.00.33 TCP_MISS/200 808 GET http://192.10.10.2:82/js/globals.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.155 5 122.111.00.33 TCP_MISS/200 2445 GET http://192.10.10.2:82/themes/ClearOS-Admin/js/translations.js.php? - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.156 6 122.111.00.33 TCP_MISS/200 1265 GET http://192.10.10.2:82/approot/web_proxy/htdocs/web_proxy.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.156 6 122.111.00.33 TCP_MISS/200 1111 GET http://192.10.10.2:82/js/widgets.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209614.271 2057 122.111.00.33 TCP_MISS/200 737 GET http://192.10.10.2:82/app/web_proxy/warning/get_status? - HIER_DIRECT/192.10.10.2 application/json
1603209614.435 2215 122.111.00.33 TCP_MISS/200 13016 GET http://192.10.10.2:82/app/marketplace/ajax/get_app_details/web_proxy/0? - HIER_DIRECT/192.10.10.2 application/json
1603209626.090 1 122.111.00.33 TCP_DENIED/403 898 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
Thank You & Regards
Lalatendu
Hope every person is fine during this pandemic.
I'm Using ClearOS 7 Community edition in my Test Lab.
My Web Proxy Version 2.3.5
My Authentication Mode is Non Transparent + User Authentication
User Authentication is Enabled
NTLM Mode is Disabled
1st Question
Proxy Is asking User Name and Password is LAN , if I Connect to Wi Fi then its work , but not asking for the user name and password in the browser prompt.
2nd Question Access Denied For ClearOS Website
I already add Network Address 52.4.160.28 in Web Proxy by Pass.
But Still I'm not able to Open ClearOS website , That is https://sfj48-fkj200.heiksthsd.cf
3rd Question
I Already add google.co.in & youtube.com Authentication Exception Sites. Google.co.in is opening fine , but youtube.com is not opening.
Below is the Other Screenshot related to my topic.
Web Proxy Show me Error :
Web Site Status : Access denied
Internet Connection Status : Online
Log
tail -f /var/log/squid/access.log
1603209571.733 42 122.111.00.33 TCP_DENIED/403 875 GET http://google.co.uk/ - HIER_NONE/- text/html
1603209571.821 12 122.111.00.33 TCP_DENIED/403 895 CONNECT incoming.telemetry.mozilla.org:443 - HIER_NONE/- text/html
1603209571.885 45 122.111.00.33 TCP_MISS/302 488 GET http://192.10.10.2:82/approot/web_proxy/htdocs/warning.php? - HIER_DIRECT/192.10.10.2 text/html
1603209572.078 168 122.111.00.33 TCP_MISS/200 2617 GET http://192.10.10.2:82/app/web_proxy/warning/index/ACCESS_DENIED/aHR0cDovL2dvb2dsZS5jby51ay8./W3Vua25vd25d/bm90aGluZw.. - HIER_DIRECT/192.10.10.2 text/html
1603209572.225 3 122.111.00.33 TCP_MISS/200 808 GET http://192.10.10.2:82/js/globals.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.235 3 122.111.00.33 TCP_MISS/200 1111 GET http://192.10.10.2:82/js/widgets.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.243 3 122.111.00.33 TCP_MISS/200 1265 GET http://192.10.10.2:82/approot/web_proxy/htdocs/web_proxy.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.278 5 122.111.00.33 TCP_MISS/200 2445 GET http://192.10.10.2:82/themes/ClearOS-Admin/js/translations.js.php? - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209572.325 1 122.111.00.33 TCP_MISS/200 24923 GET http://192.10.10.2:82/themes/ClearOS-Admin/fonts/EquipLig-webfont.woff2 - HIER_DIRECT/192.10.10.2 -
1603209572.329 0 122.111.00.33 TCP_MISS/200 51883 GET http://192.10.10.2:82/themes/ClearOS-Admin/fonts/roboto-light.woff2 - HIER_DIRECT/192.10.10.2 -
1603209574.494 2096 122.111.00.33 TCP_MISS/200 737 GET http://192.10.10.2:82/app/web_proxy/warning/get_status? - HIER_DIRECT/192.10.10.2 application/json
1603209574.681 2260 122.111.00.33 TCP_MISS/200 13016 GET http://192.10.10.2:82/app/marketplace/ajax/get_app_details/web_proxy/0? - HIER_DIRECT/192.10.10.2 application/json
1603209588.324 2 122.111.00.33 TCP_DENIED/403 892 CONNECT shavar.services.mozilla.com:443 - HIER_NONE/- text/html
1603209608.560 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209608.874 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.078 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.590 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209609.926 0 122.111.00.33 TCP_DENIED/403 879 CONNECT www.google.com:443 - HIER_NONE/- text/html
1603209611.663 189 122.111.00.33 TCP_DENIED/403 873 GET http://adni18.com/ - HIER_NONE/- text/html
1603209611.861 42 122.111.00.33 TCP_MISS/302 484 GET http://192.10.10.2:82/approot/web_proxy/htdocs/warning.php? - HIER_DIRECT/192.10.10.2 text/html
1603209612.070 185 122.111.00.33 TCP_MISS/200 2498 GET http://192.10.10.2:82/app/web_proxy/warning/index/ACCESS_DENIED/aHR0cDovL2FkbmkxOC5jb20v/W3Vua25vd25d/bm90aGluZw.. - HIER_DIRECT/192.10.10.2 text/html
1603209612.142 3 122.111.00.33 TCP_MISS/200 808 GET http://192.10.10.2:82/js/globals.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.155 5 122.111.00.33 TCP_MISS/200 2445 GET http://192.10.10.2:82/themes/ClearOS-Admin/js/translations.js.php? - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.156 6 122.111.00.33 TCP_MISS/200 1265 GET http://192.10.10.2:82/approot/web_proxy/htdocs/web_proxy.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209612.156 6 122.111.00.33 TCP_MISS/200 1111 GET http://192.10.10.2:82/js/widgets.js.php - HIER_DIRECT/192.10.10.2 application/x-javascript
1603209614.271 2057 122.111.00.33 TCP_MISS/200 737 GET http://192.10.10.2:82/app/web_proxy/warning/get_status? - HIER_DIRECT/192.10.10.2 application/json
1603209614.435 2215 122.111.00.33 TCP_MISS/200 13016 GET http://192.10.10.2:82/app/marketplace/ajax/get_app_details/web_proxy/0? - HIER_DIRECT/192.10.10.2 application/json
1603209626.090 1 122.111.00.33 TCP_DENIED/403 898 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
Thank You & Regards
Lalatendu
Share this post:
Accepted Answer
Q1 - Is your WiFi part of a HotLAN. I don't believe that gets filtered by the proxy. Another thought is that you are using a router as a WAP but you have the router working as a router, i.e router WAN connected to ClearOS LAN. In this case, anyone authenticating on the router LAN will authenticate for everyone as all traffic will appear to the proxy to come from a single IP address - the router WAN IP. To get round this you should connect the router LAN to the ClearOS LAN and ignore the router WAN. Remember to turn off the router DHCP and give it an IP on your ClearOS LAN.
Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.
Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.
This post is crossing with a reply coming in, but I'm posting anyway to see the reply.
Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.
Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.
This post is crossing with a reply coming in, but I'm posting anyway to see the reply.
Responses (9)
-
Accepted Answer
Nick Howitt wrote:
See what I said about authentication exception sites. If you have any overlap with the domains/subdomains, squid may refuse to start.
Hi Nick ,
After add the Site list in browser proxy by pass list i'm able to access the ClearOs.com and other web Site.
The more I praise, the less it will be for you.
Regards
Lalatendu -
Accepted Answer
-
Accepted Answer
Nick Howitt wrote:
Q1 - Is your WiFI part of a HotLAN. I don't believe that gets filtered by the proxy. Another thought is that you are using a router as a WAP but you have the router working as a router, i.e router WAN connected to ClearOS LAN. In this case, anyone authenticating on the router LAN will authenticate for everyone as all traffic will appear to the proxy to come from a single IP address - the router WAN IP. To get round this you should connect the router LAN to the ClearOS LAN and ignore the router WAN. Remember to turn off the router DHCP and give it an IP on your ClearOS LAN.
Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.
Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.
This post is crossing with a reply coming in, but I'm posting anyway to see the reply.
My Wi Fi is another Service Provider rather than my test lab. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Now Its Showing the below error
[root@gateway ~]# systemctl status squid.service
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2020-10-20 22:20:21 IST; 9min ago
Process: 7746 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=1/FAILURE)
Process: 7740 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Bungled /etc/squid/squid_whitelists.conf line 7: acl whitelist_destination_domains dstdomain .yahoo.com
Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: FATAL: Bungled /etc/squid/squid_whitelists.conf line 7: acl whitelist_destination_domains dstdomain .yahoo.com
Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Squid Cache (Version 3.5.20): Terminated abnormally.
Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: CPU Usage: 0.009 seconds = 0.004 user + 0.006 sys
Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Maximum Resident Size: 26208 KB
Oct 20 22:20:21 gateway.mytestlab.com squid[7746]: Page faults with physical i/o: 0
Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: squid.service: control process exited, code=exited status=1
Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: Failed to start Squid caching proxy.
Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: Unit squid.service entered failed state.
Oct 20 22:20:21 gateway.mytestlab.com systemd[1]: squid.service failed. -
Accepted Answer
Patrick de Brabander wrote:
Hi,
I'm having the same issue after a server restart (reported earlier)
For me it work to stop & start Content Filter Engine and Web Proxy Server
- stop Web Proxy Server
- stop Content Filter Engine
- start Web Proxy Server
- start Content Filter Engine
(i think this was the sequence.... )
After Stop the Web Proxy Server is not On now !!!
Any Idea ?
Regards -
Accepted Answer
Patrick de Brabander wrote:
Let Me Check.
Hi,
I'm having the same issue after a server restart (reported earlier)
For me it work to stop & start Content Filter Engine and Web Proxy Server
- stop Web Proxy Server
- stop Content Filter Engine
- start Web Proxy Server
- start Content Filter Engine
(i think this was the sequence.... )
Regards
Lalatendu -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »