Re: [squid-users] Blocking site

From: Joe Cooper <joe@dont-contact.us>
Date: Thu, 28 Mar 2002 10:35:09 -0600

Sounds like broken session authentication on the library site:

Login page on port 80 goes through cache. Gets cache's IP as the
'accepted' user.

Redirect to 2242. Gets client IP.

Library site denies because it thinks this is a different client.

Apparently the library site maintainer imagines that IP-based
authentication provide some level of security. It doesn't and they're
foolish for thinking it does, but you might have a hard time convincing
them to fix it. Just bypass the proxy for that site (the one on port 80).

Awie wrote:
> Hi Joe,
>
> Yes,... you're right. I could browse http://networkscan.com:4000/ that using
> different port from normal HTTP. However, I also check my port blocking in
> my system. I did not found any setting there that blocking port 2242.
>
> The chronology is, one of users want to browse her library in Monash
> university. After logon and be authenticated, she was redirected to such
> address (http://ezproxy.lib.monash.edu.au:2242/....bla..bla...bla), and
> browser said, "Page cannot display". If I use IP from subnet block that not
> be proxied. It is OK !
>
> Thx & rgds,
>
> Awie
>
> ----- Original Message -----
> From: "Joe Cooper" <joe@swelltech.com>
> To: "Awie" <awie@eksadata.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Thursday, March 28, 2002 6:06 PM
> Subject: Re: [squid-users] Blocking site
>
>
>
>>Hi Awie,
>>
>>Nope. I'm not sure what your problem is, but it isn't
>>Squid+redirection. WCCP is only redirecting port 80 to Squid.
>>Everything else ought to go through untouched, including port 2242.
>>
>>You might have a packet filter in place that prevents access to that
>>port, though.
>>
>>Awie wrote:
>>
>>>Hi all,
>>>
>>>
>>>
>>>My Squid 2.3S4 run very well for almost 1 year as transparent Proxy
>>>using WCCP. I use Linux 2.2.19 and Cisco IOS12.0(7). So far, so good.
>>>Thanks for Squid and all of you !
>>>
>>>Today I got complain that one of our users could not access
>>>http://ezproxy.lib.monash.edu.au:2242. Then I tried to use IP subnet
>>>block that not through proxy. It works ! So I assume that transparent
>>>proxy (and it's components) did not allow user browse using port 2242
>>>
>>>Hope someone would help me to solve this case. Your answer is very
>>>appreciated and waited for.
>>>
>>--
>>Joe Cooper <joe@swelltech.com>
>>http://www.swelltech.com
>>Web Caching Appliances and Support
>>
>
>
> 

-- 
Joe Cooper <joe@swelltech.com>
http://www.swelltech.com
Web Caching Appliances and Support
Received on Thu Mar 28 2002 - 09:37:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:11 MST