Re: [squid-users] Unable to login to website when accessed via squid

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 16 Jan 2008 14:21:48 +1300

Aaron Allen wrote:
> I went ahead and filed a report bug: 2190 for those interested.
>
> I wish I could provide some more data. Does anyone know of any software
> out there that could perform a transparent MITM on an SSL session so I
> could effectively look at the HTTP headers?

Squid 3.0 + SSLBump
http://wiki.squid-cache.org/Features/SslBump

You will have to contact Alex for info about the patch, it has not been
added to the official developer projects patch-list.

Amos

>
> -----Original Message-----
> From: Adrian Chadd [mailto:adrian@creative.net.au]
> Sent: Tuesday, January 15, 2008 12:41 PM
> To: Aaron Allen
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Unable to login to website when accessed via
> squid
>
> On Tue, Jan 15, 2008, Aaron Allen wrote:
>> As a test, I passed our squid proxy data up to Paros web proxy.
>> Effectively doing a MITM attack on our SSL data so I could see the HTTP
>> headers. Interestingly, when I do this, I am able to login to the site.
>> Obviously I don't see anything unusual in the HTTP headers as everything
>> loads fine. But, once I take Paros out of the mix the problem starts
>> again.
>>
>> I am completely out of ideas at this point. Has anyone else
>> experienced anything similar?
>
> :) Have you filed a bugzilla report with the relevant information?
>
>
>
> Adrian
>
>> -----Original Message-----
>> From: Rob Hutton [mailto:rob@getuwired.us]
>> Sent: Monday, January 14, 2008 2:48 PM
>> To: squid-users@squid-cache.org
>> Cc: Aaron Allen
>> Subject: Re: [squid-users] Unable to login to website when accessed via squid
>>
>> We ran into this before with a site that on login was responding to a post,
>> with a query variable that contained the session ID, with a redirect. I
>> don't remember what the differences in behavior were, but they were obvious
>> once we did some packet capturing and compared the two conversations.
>>
>> It turned out, the site was doing something strange that did not break with
>> the browser, but squid didn't like it. If I remember right, the redirect did
>> not contain the query string, but the browser would send it to the new url
>> with the subsequent request while squid redirected to the new location sans
>> the query string.
>>
>> Thanks,
>> Rob
>>
>> Rob Hutton
>> Service Manager
>> GetUWired
>> www.getuwired.us
>> (877) 236-9094
>>
>>
>> On Monday 14 January 2008 12:06:47 Aaron Allen wrote:
>>> I have exhausted all my ideas on this one, so I am coming to you all for
>>> new ones.
>>>
>>> I am currently running Squid+Dansguardian as an explicit proxy on our
>>> network. All traffic is passed through the proxy (including SSL using
>>> CONNECT) after NTLM authentication with squid.
>>>
>>> There is one website that our users are unable to login to when accessing
>>> the site via the proxy (if I manually bypass the proxy, the login works
>>> perfectly every time). I have also bypassed Dansguardian and the problem
>>> is still present when just using Squid as the proxy.
>>>
>>> As a note, the entire site is SSLed, so all the data is done via CONNECT.
>>> The site uses a web based login form. When the login form is submitted the
>>> browser receives a "302 - Moved Temporarily" status from the server
>>> redirecting it to the welcome page of the site (and passing along the login
>>> credentials). However, whenever the site is accessed via the proxy, the
>>> welcome page returns an additional "302 - Moved Temporarily" status
>>> redirecting the user back to the original login form.
>>>
>>> My first inclination is that it was a problem with the way this particular
>>> site was setup. I have contacted the owners of the site and they are
>>> unaware of any problems and don't know why we would be getting redirected
>>> back to the original login page. Additionally, is there any reason that
>>> the HTTPS request coming from the web browser via squid would look any
>>> different to the web server than the request that is not passed through
>>> squid?
>>>
>>> Of course I've checked log files and don't see anything unusual or anything
>>> being DENIED.
>>>
>>> I am running out of ideas, so if anyone has any pointers, I would love to
>>> hear them.
>>>
>>> Thanks!
>>> Aaron
>

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Tue Jan 15 2008 - 18:21:25 MST
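
The comparison described in Rob Hutton's quoted message (capture the direct and the proxied login, then compare the two conversations), as an added example that is not from the thread or from Squid. The traces, the host name, the `sid` parameter and the `>`/`<` trace format are constructed assumptions; the second trace is built so that the follow-up request lacks the query string.

```python
import re
from urllib.parse import urlsplit

# Constructed traces: "> " marks request lines/headers, "< " marks response lines/headers.
DIRECT = """\
> POST /login?sid=abc123 HTTP/1.1
> Host: app.example.test
< HTTP/1.1 302 Moved Temporarily
< Location: /welcome
> GET /welcome?sid=abc123 HTTP/1.1
< HTTP/1.1 200 OK
"""
PROXIED = """\
> POST /login?sid=abc123 HTTP/1.1
> Host: app.example.test
< HTTP/1.1 302 Moved Temporarily
< Location: /welcome
> GET /welcome HTTP/1.1
< HTTP/1.1 302 Moved Temporarily
< Location: /login
"""

def parse(trace):
    """Split a trace into hops: one request plus the response that answers it."""
    hops = []
    for line in trace.splitlines():
        side, _, text = line.partition(" ")
        if side == ">" and re.match(r"[A-Z]+ \S+ HTTP/", text):
            method, target = text.split()[:2]
            hops.append({"method": method, "target": target, "status": None})
        elif side == "<" and text.startswith("HTTP/") and hops:
            hops[-1]["status"] = int(text.split()[1])
        elif side in ("<", ">") and ":" in text and hops:
            name, value = text.split(":", 1)
            hops[-1][side + name.strip().lower()] = value.strip()  # e.g. "<location"
    return hops

def first_divergence(a, b):
    """Return (hop index, {field: (a_value, b_value)}) for the first differing hop, else None."""
    for i, (x, y) in enumerate(zip(a, b)):
        diff = {k: (x.get(k), y.get(k)) for k in sorted(set(x) | set(y)) if x.get(k) != y.get(k)}
        if diff:
            return i, diff
    return None

def redirects_dropping_query(hops):
    """Indexes of 3xx hops whose request carried a query string that Location omits."""
    return [i for i, h in enumerate(hops) if h["status"] in (301, 302, 303, 307)
            and urlsplit(h["target"]).query and not urlsplit(h.get("<location", "")).query]
```
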
