Hey iziz1, Try to work with what Amos suggested. Try to first turn on the via ie: via on and see if still works fine. If indeed it works fine then try to change the forwarded_for delete into forwarded_for transparent and see what works for you. It’s better to leave the via on and not off. But from what I understand it seems that this site(is it a bank?) is broken and their webmaster and security personal should be aware of your findings for their sake. It can cause their system act in a very weird way. All The Bests, Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: Kurczewski, Bartłomiej (WP.PL) [mailto:iziz1@xxxxxxxxxxxx] Sent: Thursday, July 20, 2017 10:20 To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7 Hi Eliezer, First of all I would like to thank you for fast answer. And my second "thanks" is for your help. Your solution works, and the problem has been solved. Regards, iziz1 W dniu 2017-07-19 o 20:08, Eliezer Croitoru pisze: > Hey iziz1, > > Can you try to add squid.conf the next and see if it affects anything: > forwarded_for delete > via off > > http://www.squid-cache.org/Doc/config/via/ > http://www.squid-cache.org/Doc/config/forwarded_for/ > > And see if it changes anything? > > Let Me Know if something changes, > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Kurczewski, Bart?omiej (WP.PL) > Sent: Tuesday, July 18, 2017 15:56 > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Problem with login to website by Squid web proxy 3.5.20 on Centos 7 > > Hi, > I have a problem to login to one website (http://intouch.techdata.com) > using Squid 3.5.20 on Centos 7 with default Squid configuration, which > is acting as web proxy (non-transparent) on 3128 port in my network: > > -------------------------------------------------------------------------- > # > # Recommended minimum configuration: > # > > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > acl localnet src fc00::/7 # RFC 4193 local private network range > acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) > machines > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > http_port 3128 > > # Uncomment and adjust the following to add a disk cache directory. > #cache_dir ufs /var/spool/squid 100 16 256 > > # Leave coredumps in the first cache dir > coredump_dir /var/spool/squid > > # > # Add any of your own refresh_pattern entries above these. > # > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > ------------------------------------------------------------------------------ > > > In a FF browser with my Squid server settings I put correct password on > techdata website, but webpage redirect me to the same web form and > doesn't allow to login. The password is correct, because when I put > wrong password I got JavaScript alert from this website that password is > incorrect. > > When I disable using Squid proxy in FF and use normal PAT connection via > my Juniper firewall everything works perfect on the same machine and I > can login to TechData website. > I Squid access.log I can see only this: > > ----------------------------------------------------------------- > 1500364995.497 140 10.48.22.33 TCP_MISS/302 735 GET > http://intouch.techdata.com/intouch/Home.aspx? - > HIER_DIRECT/192.230.78.204 text/html > ----------------------------------------------------------------- > > I suspect some problems with redirection on TechData website, but spend > hours in Internet to find solution, unfortunately without success.... > Maybe you can help me? > > Regards, > iziz1 > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
