Hi Eliezer, According to your and Amos suggestions I have change squid.conf by making "via on" and setting only "forwarded_for transparent". And I can login to TechData website (which is not a bank, but IT technology distributor) without any problems. Thank you for you advice and help. Rgdrs, iziz1 W dniu 2017-07-20 o 10:04, Eliezer Croitoru pisze: > Hey iziz1, > > Try to work with what Amos suggested. > Try to first turn on the via ie: > via on > > and see if still works fine. > If indeed it works fine then try to change the > forwarded_for delete > into > forwarded_for transparent > > and see what works for you. > It’s better to leave the via on and not off. > But from what I understand it seems that this site(is it a bank?) is broken and their webmaster and security personal should be aware of your findings for their sake. > It can cause their system act in a very weird way. > > All The Bests, > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > > -----Original Message----- > From: Kurczewski, Bartłomiej (WP.PL) [mailto:iziz1@xxxxxxxxxxxx] > Sent: Thursday, July 20, 2017 10:20 > To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Problem with login to website by Squid web proxy 3.5.20 on Centos 7 > > Hi Eliezer, > First of all I would like to thank you for fast answer. > And my second "thanks" is for your help. > Your solution works, and the problem has been solved. > > Regards, > iziz1 > > W dniu 2017-07-19 o 20:08, Eliezer Croitoru pisze: >> Hey iziz1, >> >> Can you try to add squid.conf the next and see if it affects anything: >> forwarded_for delete >> via off >> >> http://www.squid-cache.org/Doc/config/via/ >> http://www.squid-cache.org/Doc/config/forwarded_for/ >> >> And see if it changes anything? >> >> Let Me Know if something changes, >> Eliezer >> >> ---- >> Eliezer Croitoru >> Linux System Administrator >> Mobile: +972-5-28704261 >> Email: eliezer@xxxxxxxxxxxx >> >> >> >> -----Original Message----- >> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Kurczewski, Bart?omiej (WP.PL) >> Sent: Tuesday, July 18, 2017 15:56 >> To: squid-users@xxxxxxxxxxxxxxxxxxxxx >> Subject: Problem with login to website by Squid web proxy 3.5.20 on Centos 7 >> >> Hi, >> I have a problem to login to one website (http://intouch.techdata.com) >> using Squid 3.5.20 on Centos 7 with default Squid configuration, which >> is acting as web proxy (non-transparent) on 3128 port in my network: >> >> -------------------------------------------------------------------------- >> # >> # Recommended minimum configuration: >> # >> >> # Example rule allowing access from your local networks. >> # Adapt to list your (internal) IP networks from where browsing >> # should be allowed >> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network >> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network >> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network >> acl localnet src fc00::/7 # RFC 4193 local private network range >> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) >> machines >> >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl CONNECT method CONNECT >> >> # >> # Recommended minimum Access Permission configuration: >> # >> # Deny requests to certain unsafe ports >> http_access deny !Safe_ports >> >> # Deny CONNECT to other than secure SSL ports >> http_access deny CONNECT !SSL_ports >> >> # Only allow cachemgr access from localhost >> http_access allow localhost manager >> http_access deny manager >> >> # We strongly recommend the following be uncommented to protect innocent >> # web applications running on the proxy server who think the only >> # one who can access services on "localhost" is a local user >> #http_access deny to_localhost >> >> # >> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS >> # >> >> # Example rule allowing access from your local networks. >> # Adapt localnet in the ACL section to list your (internal) IP networks >> # from where browsing should be allowed >> http_access allow localnet >> http_access allow localhost >> >> # And finally deny all other access to this proxy >> http_access deny all >> >> # Squid normally listens to port 3128 >> http_port 3128 >> >> # Uncomment and adjust the following to add a disk cache directory. >> #cache_dir ufs /var/spool/squid 100 16 256 >> >> # Leave coredumps in the first cache dir >> coredump_dir /var/spool/squid >> >> # >> # Add any of your own refresh_pattern entries above these. >> # >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >> refresh_pattern . 0 20% 4320 >> ------------------------------------------------------------------------------ >> >> >> In a FF browser with my Squid server settings I put correct password on >> techdata website, but webpage redirect me to the same web form and >> doesn't allow to login. The password is correct, because when I put >> wrong password I got JavaScript alert from this website that password is >> incorrect. >> >> When I disable using Squid proxy in FF and use normal PAT connection via >> my Juniper firewall everything works perfect on the same machine and I >> can login to TechData website. >> I Squid access.log I can see only this: >> >> ----------------------------------------------------------------- >> 1500364995.497 140 10.48.22.33 TCP_MISS/302 735 GET >> http://intouch.techdata.com/intouch/Home.aspx? - >> HIER_DIRECT/192.230.78.204 text/html >> ----------------------------------------------------------------- >> >> I suspect some problems with redirection on TechData website, but spend >> hours in Internet to find solution, unfortunately without success.... >> Maybe you can help me? >> >> Regards, >> iziz1 >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> >> >> > > > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
