I went ahead and filed a bug report: 2190 for those interested. I wish I could provide some more data. Does anyone know of any software out there that could perform a transparent MITM on an SSL session so I could effectively look at the HTTP headers?

-----Original Message-----
From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx]
Sent: Tuesday, January 15, 2008 12:41 PM
To: Aaron Allen
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Unable to login to website when accessed via squid

On Tue, Jan 15, 2008, Aaron Allen wrote:
> As a test, I passed our squid proxy data up to Paros web proxy. Effectively doing a MITM attack on our SSL data so I could see the HTTP headers. Interestingly, when I do this, I am able to login to the site. Obviously I don't see anything unusual in the HTTP headers as everything loads fine. But, once I take Paros out of the mix the problem starts again.
>
> I am completely out of ideas at this point. Has anyone else experienced anything similar?

:) Have you filed a bugzilla report with the relevant information?

Adrian

>
> -----Original Message-----
> From: Rob Hutton [mailto:rob@xxxxxxxxxxxx]
> Sent: Monday, January 14, 2008 2:48 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Cc: Aaron Allen
> Subject: Re: Unable to login to website when accessed via squid
>
> We ran into this before with a site that on login was responding to a post,
> with a query variable that contained the session ID, with a redirect. I
> don't remember what the differences in behavior were, but they were obvious
> once we did some packet capturing and compared the two conversations.
>
> It turned out, the site was doing something strange that did not break with
> the browser, but squid didn't like it. If I remember right, the redirect did
> not contain the query string, but the browser would send it to the new url
> with the subsequent request while squid redirected to the new location sans
> the query string.
>
> Thanks,
> Rob
>
> Rob Hutton
> Service Manager
> GetUWired
> www.getuwired.us
> (877) 236-9094
>
>
> On Monday 14 January 2008 12:06:47 Aaron Allen wrote:
> > I have exhausted all my ideas on this one, so I am coming to you all for
> > new ones.
> >
> > I am currently running Squid+Dansguardian as an explicit proxy on our
> > network. All traffic is passed through the proxy (including SSL using
> > CONNECT) after NTLM authentication with squid.
> >
> > There is one website that our users are unable to login to when accessing
> > the site via the proxy (if I manually bypass the proxy, the login works
> > perfectly every time). I have also bypassed Dansguardian and the problem
> > is still present when just using Squid as the proxy.
> >
> > As a note, the entire site is SSLed, so all the data is done via CONNECT.
> >
> > The site uses a web based login form. When the login form is submitted the
> > browser receives a "302 - Moved Temporarily" status from the server
> > redirecting it to the welcome page of the site (and passing along the login
> > credentials). However, whenever the site is accessed via the proxy, the
> > welcome page returns an additional "302 - Moved Temporarily" status
> > redirecting the user back to the original login form.
> >
> > My first inclination is that it was a problem with the way this particular
> > site was setup. I have contacted the owners of the site and they are
> > unaware of any problems and don't know why we would be getting redirected
> > back to the original login page. Additionally, is there any reason that
> > the HTTPS request coming from the web browser via squid would look any
> > different to the web server than the request that is not passed through
> > squid?
> >
> > Of course I've checked log files and don't see anything unusual or anything
> > being DENIED.
> >
> > I am running out of ideas, so if anyone has any pointers, I would love to
> > hear them.
> >
> > Thanks!
> > Aaron
>
-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
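
An added example, not part of the original thread and not Squid or Paros code: one way to do the comparison of two captured conversations that Rob Hutton describes, once the direct and the proxied login have each been recorded in decoded form. The hop format, the host site.example and the parameter name sid are assumptions, and the sample captures are constructed to mirror the symptom in the thread (session parameter absent after the 302, then a redirect back to the login form).

```python
from urllib.parse import urlsplit, parse_qs, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

# Constructed captures, not data from the thread. Each hop is
# (request URL, response status, Location header or None).
DIRECT = [
    ("https://site.example/login?sid=abc123", 302, "/welcome"),
    ("https://site.example/welcome?sid=abc123", 200, None),
]
PROXIED = [
    ("https://site.example/login?sid=abc123", 302, "/welcome"),
    ("https://site.example/welcome", 302, "/login"),
    ("https://site.example/login", 200, None),
]

def query_names(url):
    """Names of the query parameters carried by a request URL."""
    return set(parse_qs(urlsplit(url).query, keep_blank_values=True))

def first_divergence(a, b):
    """Index of the first hop where two captures differ, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def dropped_params(chain):
    """Per redirect: parameters on the redirected request missing from the follow-up."""
    findings = []
    for i, (url, status, location) in enumerate(chain[:-1]):
        if status in REDIRECTS and location:
            lost = query_names(url) - query_names(chain[i + 1][0])
            if lost:
                findings.append((i + 1, urljoin(url, location), sorted(lost)))
    return findings

def loops_back(chain):
    """True if a capture requests a path it has already requested."""
    paths = [urlsplit(url).path for url, _, _ in chain]
    return len(paths) != len(set(paths))

if __name__ == "__main__":
    print("first differing hop:", first_divergence(DIRECT, PROXIED))
    for name, chain in (("direct", DIRECT), ("proxied", PROXIED)):
        print(name, "dropped:", dropped_params(chain), "loop:", loops_back(chain))
```

Each finding from dropped_params gives the hop number of the follow-up request, the resolved redirect target, and the parameter names that did not survive the redirect.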