Aaron Allen wrote:
I went ahead a filed a report bug: 2190 for those interested.
I wish I could provide some more data. Does anyone know of any software
out there that could perform a transparent MITM on an SSL session so I
could effectively look at the HTTP headers?
Squid 3.0 + SSLBump
http://wiki.squid-cache.org/Features/SslBump
You will have to contact Alex for info about the patch, it has not been
added to the official developer projects patch-list.
Amos
-----Original Message-----
From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx]
Sent: Tuesday, January 15, 2008 12:41 PM
To: Aaron Allen
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Unable to login to website when accessed via
squid
On Tue, Jan 15, 2008, Aaron Allen wrote:
As a test, I passed our squid proxy data up to Paros web proxy.
Effectively doing a MITM attack on our SSL data so I could see the HTTP
headers. Interestingly, when I do this, I am able to login to the site.
Obviously I don't see anything unusual in the HTTP headers as everything
loads fine. But, once I take Paros out of the mix the problem starts
again.
I am completely out of ideas at this point. Has anyone else
experienced anything similar?
:) Have you filed a bugzilla report with the relevant information?
Adrian
-----Original Message-----
From: Rob Hutton [mailto:rob@xxxxxxxxxxxx]
Sent: Monday, January 14, 2008 2:48 PM
To: squid-users@xxxxxxxxxxxxxxx
Cc: Aaron Allen
Subject: Re: Unable to login to website when accessed
via squid
We ran into this before with a site that on login was responding to a
post,
with a query variable that contained the session ID, with a redirect.
I
don't remember what the differences in behavior were, but they were
obvious
once we did some packet capturing and compared the two conversations.
It turned out, the site was doing something strange that did not break
with
the browser, but squid didn't like it. If I remember right, the
redirect did
not contain the query string, but the browser would send it to the new
url
with the subsequent request while squid redirected to the new location
sans
the query string.
Thanks,
Rob
Rob Hutton
Service Manager
GetUWired
www.getuwired.us
(877) 236-9094
On Monday 14 January 2008 12:06:47 Aaron Allen wrote:
I have exhausted all my ideas on this one, so I am coming to you all
for
new ones.
I am currently running Squid+Dansguardian as an explicit proxy on
our
network.? All traffic is passed through the proxy (including SSL
using
CONNECT) after NTLM authentication with squid.
There is one website that our users are unable to login to when
accessing
the site via the proxy (if I manually bypass the proxy, the login
works
perfectly every time).? I have also bypassed Dansguardian and the
problem
is still present when just using Squid as the proxy.
As a note, the entire site is SSLed, so all the data is done via
CONNECT.
The site uses a web based login form.? When the login form is
submitted the
browser receives a "302 - Moved Temporarily" status from the server
redirecting it to the welcome page of the site (and passing along
the login
credentials).? However, whenever the site is accessed via the proxy,
the
welcome page returns an additional "302 - Moved Temporarily" status
redirecting the user back to the original login form.
My first inclination is that it was a problem with the way this
particular
site was setup.? I have contacted the owners of the site and they
are
unaware of any problems and don't know why we would be getting
redirected
back to the original login page.? Additionally, is there any reason
that
the HTTPS request coming from the web browser via squid would look
any
different to the web server than the request that is not passed
through
squid?
Of course I've checked log files and don't see anything unusual or
anything
being DENIED.
I am running out of ideas, so if anyone has any pointers, I would
love to
hear them.
Thanks!
Aaron
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
