RE: [squid-users] Cant login to certain flash page via squid?
Thanks for the reply. Incase this becomes an issue with a site many users need to access, what is the best way to bypass squid entirely for specific sites? Is there a clean, easy way to do it? I am running Ubuntu as my squid server. Thanks again. -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Tuesday, June 19, 2012 9:28 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Cant login to certain flash page via squid? On 20.06.2012 09:13, Terry Dobbs wrote: When users are going through squid there are certain pages, like the one I mentioned where you just can't click a specific button. It always seems flash related. If I reconfigure this user to not use squid I can use the page just fine. This leads me to believe its not solely a browser issue. When I say I told it to ignore I meant in the squid.conf file, where I allowed access to that specific domain without any kind of authentication. Thinking about it, I understand this step is pretty pointless as squid still processes the site. However I have had success in the past by allowing access to sites before the proxy_auth required command. Not really sure what the issue is, but it seems to happen with just a handful of random sites. Flash player is separate software not permitted access to the browsers internal password manager information. * Flash player does not provide any means for users to enter passwords unless the HTTP request is a GET. * Flash script frameworks do not provide easily available support unless the HTTP request is a POST. * recent Flash versions prevent HTTP authentication unless the visited *website* provides explicit file-based (ONLY file based) CORS support for the relevant headers. NP: as documented this would prohibit Proxy-Authentication. Website authentication only works if the author who wrote the script knows how to write a) the user I/O interface and b) the relevant encryption algorithms (rare for anything better than Basic auth), and c) adds explicit CORS support to their site. AND decided it was worth the trouble. As a result HTTP authentication of any type rarely works in Flash applications. Proxy authentication has never been reported working, not to say it can't, just that in my experience nobody has ever mentioned seeing it happen despite common complaints here and in many other places online. Personally I rate Flash as a worse problem than Java in this regard. At least Java provides libraries and API making it easy for developers who know where to look (most seem not to use it, but that is a knowledge/time issue not a technical barrier). Amos
RE: [squid-users] Cant login to certain flash page via squid?
On 21.06.2012 06:11, Terry Dobbs wrote: Thanks for the reply. Incase this becomes an issue with a site many users need to access, what is the best way to bypass squid entirely for specific sites? Is there a clean, easy way to do it? I am running Ubuntu as my squid server. * Using a PAC file to configure the clients not to sent that traffic through the proxy. * For interception proxies using a bypass rule to skip interception for that traffic. Later research indicates that some Flash players are at least pulling system proxy settings from somewhere and using them silently without any kind of editable control. Although no mention was made as to how or where those were setup, or which systems. Amos
Re: [squid-users] Cant login to certain flash page via squid?
When users are going through squid there are certain pages, like the one I mentioned where you just can't click a specific button. It always seems flash related. If I reconfigure this user to not use squid I can use the page just fine. This leads me to believe its not solely a browser issue. When I say I told it to ignore I meant in the squid.conf file, where I allowed access to that specific domain without any kind of authentication. Thinking about it, I understand this step is pretty pointless as squid still processes the site. However I have had success in the past by allowing access to sites before the proxy_auth required command. Not really sure what the issue is, but it seems to happen with just a handful of random sites.
Re: [squid-users] Cant login to certain flash page via squid?
On 20.06.2012 09:13, Terry Dobbs wrote: When users are going through squid there are certain pages, like the one I mentioned where you just can't click a specific button. It always seems flash related. If I reconfigure this user to not use squid I can use the page just fine. This leads me to believe its not solely a browser issue. When I say I told it to ignore I meant in the squid.conf file, where I allowed access to that specific domain without any kind of authentication. Thinking about it, I understand this step is pretty pointless as squid still processes the site. However I have had success in the past by allowing access to sites before the proxy_auth required command. Not really sure what the issue is, but it seems to happen with just a handful of random sites. Flash player is separate software not permitted access to the browsers internal password manager information. * Flash player does not provide any means for users to enter passwords unless the HTTP request is a GET. * Flash script frameworks do not provide easily available support unless the HTTP request is a POST. * recent Flash versions prevent HTTP authentication unless the visited *website* provides explicit file-based (ONLY file based) CORS support for the relevant headers. NP: as documented this would prohibit Proxy-Authentication. Website authentication only works if the author who wrote the script knows how to write a) the user I/O interface and b) the relevant encryption algorithms (rare for anything better than Basic auth), and c) adds explicit CORS support to their site. AND decided it was worth the trouble. As a result HTTP authentication of any type rarely works in Flash applications. Proxy authentication has never been reported working, not to say it can't, just that in my experience nobody has ever mentioned seeing it happen despite common complaints here and in many other places online. Personally I rate Flash as a worse problem than Java in this regard. At least Java provides libraries and API making it easy for developers who know where to look (most seem not to use it, but that is a knowledge/time issue not a technical barrier). Amos
[squid-users] Cant login to certain flash page via squid?
I have had this issue with one or two pages and can't figure it out. For example, if you go to http://www.complianceonline.com/ecommerce/control/trainingFocus?product_ id=702317channel=M-New_JU13_Mark_JN04_DM and then click the Buy Now button it takes you to a screen with your shopping cart. Users accessing the site via the proxy are unable to click continue on this shopping cart screen. I can access it fine directly. I have told squid to ignore these sites but it doesn't seem to matter. Below is the only thing I can find in the log in relation to this site. Any ideas? I am running squid on a Ubuntu box. 1339187191.071102 192.168.70.125 TCP_MISS/200 1448 GET http://static.complianceonline.com/images/cart/cart_delete.gif - DIRECT/209.128.85.3 image/gif [Accept: */*\r\nReferer: http://www.complianceonline.com/ecommerce/control/showcart\r\nAccept-Lan guage: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152)\r\nAccept-Encoding: gzip, deflate\r\nHost: static.complianceonline.com\r\nProxy-Connection: Keep-Alive\r\nCookie: __utma=211283463.1311775861.1339095920.1339099387.1339166536.3; __utmz=211283463.1339166536.3.3.utmcsr=M-New_JU13_Mark_JN04_DM|utmccn=(n ot%2520set)|utmcmd=(not%2520set)\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 08 Jun 2012 19:50:04 GMT\r\nContent-Type: image/gif\r\nConnection: keep-alive\r\nKeep-Alive: timeout=300\r\nETag: W/1157-133656597\r\nContent-Length: 1157\r\n\r] 1339187191.080100 192.168.70.125 TCP_MISS/200 2345 GET http://static.complianceonline.com/images/cart/continue.gif - DIRECT/209.128.85.3 image/gif [Accept: */*\r\nReferer: http://www.complianceonline.com/ecommerce/control/showcart\r\nAccept-Lan guage: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152)\r\nAccept-Encoding: gzip, deflate\r\nHost: static.complianceonline.com\r\nProxy-Connection: Keep-Alive\r\nCookie: __utma=211283463.1311775861.1339095920.1339099387.1339166536.3; __utmz=211283463.1339166536.3.3.utmcsr=M-New_JU13_Mark_JN04_DM|utmccn=(n ot%2520set)|utmcmd=(not%2520set)\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 08 Jun 2012 19:50:04 GMT\r\nContent-Type: image/gif\r\nConnection: keep-alive\r\nKeep-Alive: timeout=300\r\nETag: W/2054-1336565804000\r\nContent-Length: 2054\r\n\r] 1339187191.120 90 192.168.70.125 TCP_MISS/200 1039 GET http://static.complianceonline.com/images/main/foo_go.jpg - DIRECT/209.128.85.3 image/jpeg [Accept: */*\r\nReferer: http://www.complianceonline.com/ecommerce/control/showcart\r\nAccept-Lan guage: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152)\r\nAccept-Encoding: gzip, deflate\r\nHost: static.complianceonline.com\r\nProxy-Connection: Keep-Alive\r\nCookie: __utma=211283463.1311775861.1339095920.1339099387.1339166536.3; __utmz=211283463.1339166536.3.3.utmcsr=M-New_JU13_Mark_JN04_DM|utmccn=(n ot%2520set)|utmcmd=(not%2520set)\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 08 Jun 2012 19:50:04 GMT\r\nContent-Type: image/jpeg\r\nConnection: keep-alive\r\nKeep-Alive: timeout=300\r\nETag: W/749-133656589\r\nContent-Length: 749\r\n\r] 1339187191.157 92 192.168.70.125 TCP_MISS/200 1711 GET http://static.complianceonline.com/images/main/foot_MS.jpg - DIRECT/209.128.85.3 image/jpeg [Accept: */*\r\nReferer: http://www.complianceonline.com/ecommerce/control/showcart\r\nAccept-Lan guage: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152)\r\nAccept-Encoding: gzip, deflate\r\nHost: static.complianceonline.com\r\nProxy-Connection: Keep-Alive\r\nCookie: __utma=211283463.1311775861.1339095920.1339099387.1339166536.3; __utmz=211283463.1339166536.3.3.utmcsr=M-New_JU13_Mark_JN04_DM|utmccn=(n ot%2520set)|utmcmd=(not%2520set)\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 08 Jun 2012 19:50:04 GMT\r\nContent-Type: image/jpeg\r\nConnection: keep-alive\r\nKeep-Alive: timeout=300\r\nETag: W/1419-1336565934000\r\nContent-Length: 1419\r\n\r] 1339187191.165 92 192.168.70.125 TCP_MISS/200 597 GET http://static.complianceonline.com/images/main/ho_dotline3.jpg - DIRECT/209.128.85.3 image/jpeg [Accept: */*\r\nReferer: http://www.complianceonline.com/ecommerce/control/showcart\r\nAccept-Lan guage: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152)\r\nAccept-Encoding: gzip, deflate\r\nHost: static.complianceonline.com\r\nProxy-Connection: Keep-Alive\r\nCookie: __utma=211283463.1311775861.1339095920.1339099387.1339166536.3;
Re: [squid-users] Cant login to certain flash page via squid?
On 14.06.2012 03:25, Terry Dobbs wrote: I have had this issue with one or two pages and can't figure it out. For example, if you go to http://www.complianceonline.com/ecommerce/control/trainingFocus?product_ id=702317channel=M-New_JU13_Mark_JN04_DM and then click the Buy Now button it takes you to a screen with your shopping cart. Users accessing the site via the proxy are unable to click continue on this shopping cart screen. Not being able to click the mouse is a browser issue. Did you means something else happens? if so what? I can access it fine directly. I have told squid to ignore these sites but it doesn't seem to matter. Once traffic requests arrive the only option is to process them. How did you configure ignore? Below is the only thing I can find in the log in relation to this site. Any ideas? I am running squid on a Ubuntu box. snip log trace containing a number of successful requests and responses. Amos
