On 20/03/2012 01:40, Vijay S wrote:
Hi Eliezer
I did access your url and it gave me the output as
Your IP address is : 122.166.1.184
I also tried doing
request_header_access X-Forwarded-For deny Safe_ports
Still no luck, log is as follows
1332199742.075 2 192.168.1.117 TCP_DENIED/403 3481 CONNECT
feeds.example.com:80 - NONE/- text/html
1332199746.551 1 192.168.1.117 TCP_DENIED/403 3481 CONNECT
feeds.example.com:80 - NONE/- text/html
can you access my site using the proxy?
just notice you'r proxy config is wrong and must give you this 403 denied.
the logs are saying you are denied to use the proxy.
try to add the following to the proxy squid.conf settings.
at :
after> acl all src all
add> acl localnet 192.168.10/24
after> acl CONNECT method CONNECT
add> http_access allow localnet Safe_ports
and i'm trying to understand...
is this a php script?
just to understand another thing:
you are using the proxy on a gateway machine and this other machine is
accessing from the lan to the internet?
as far i understand from the log you are trying to use SSL over port 80?
if so then you must specify a rule at the http_access to allow it such as:
http_access allow localnet CONNECT Safe_ports
but to add the rules i wrote you before should give you the right response.
Regards,
Eliezer
this is what i did
$filePath = 'http://feeds.example.com/newsfeeds.xml';
$s = curl_init($filePath);
curl_setopt($s,CURLOPT_RETURNTRANSFER,1);
curl_setopt($s, CURLOPT_HEADER, false);
curl_setopt($s, CURLOPT_HTTPPROXYTUNNEL, TRUE);
curl_setopt($s, CURLOPT_PROXY, "http://192.168.1.117:3128");
curl_setopt($s, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($s, CURLOPT_URL, $filePath);
// Make the request
$xml = '';
$xml = curl_exec($s);
$xml = trim($xml);
curl_close($s);
On Tue, Mar 20, 2012 at 5:00 AM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx> wrote:
On 20/03/2012 00:36, Vijay S wrote:
Sorry i cannot share the url and hence im replacing the feed as
http://feeds.example.com/newsfeeds.xml
On Tue, Mar 20, 2012 at 1:37 AM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx>
wrote:
On 19/03/2012 18:58, Vijay S wrote:
Hi
I have a my server box hosting apache and squid on centos machine.
When I send my request for clients feeds it works as they have
whitelisted my IP address, and when I make the call via squid its give
me invalid IP. I checked the access log for more information and found
out instead of sending my IP address its sending the localhost IP
address (127.0.0.1).
i'm still trying to understand your network infrastructure.
you have one apache server that also hosts squid?
Yes
can you give the logs output?
1332194292.909 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT
feeds.example.com:80 - NONE/- text/html
1332194335.536 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT
feeds.example.com:80 - NONE/- text/html
1332194399.852 1 192.168.1.10 TCP_DENIED/403 3480 CONNECT
feeds.example.com:80 - NONE/- text/html
what is the /etc/hosts content?
122.166.1.184 localhost
122.166.1.184 reactmedia.com
122.166.1.184 rm117
by clients you mean you clients of squid?
there is no squid im accessing a feeds URL
http://feeds.example.com/newsfeeds.xml
what do you mean by whitelisted your ip address?
request from my ip only can access this feeds. which they have
configured. it opens when i access from browser but when i called from
squid using php curl. it doesnot works
is the apache server is listening on port 80?
Yes
this part made me understand the problem.
if you do want to understand the problem try get into this address:
http://www1.ngtech.co.il/myip.php
i think the problem is that the proxy is forwarding a "x_forward" header on
the http request what's making the problem.
if your proxy is using "the x_forward" you will see it in the page.
in order to disable this header you can add to your squid.conf this
directive:
request_header_access X-Forwarded-For deny Safe_ports
if it is indeed what caused the problem you should be ok.
Regards,
Eliezer
can you access it directly by ip + port 80? (no proxy)
yes
when with proxy its not working?
True
if its so then try to change the hosts file with the hostname in it to
external_ip www.hostname.domain
its not the domain to ip mapping issue, when my request is sent its
sent as 192.168.1.10 instead 122.166.1.184. and hence the client url
is blocking me considering as the ip is not listed in there
whitelisted IP's opend for me to access.
Regards,
Eliezer
I googled a little and found that using tcp_outgoing_address directive
I can control the outgoing IP address and to my bad luck this didn’t
work
My configuration file is as follows
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128
visible_hostname loclahost
debug_options ALL,1 33,2 28,9
tcp_outgoing_address 122.166.1.184
Can somebody help me with configuration for the my servers. It will be
of great help.
Thanks& Regards
Vijay
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer<at> ngtech.co.il
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer<at> ngtech.co.il
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer <at> ngtech.co.il