ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    cannot access gmail when bypassing proxy server (sometimes not always !!!!????)

    Scheduled Pinned Locked Moved IT Discussion
    59 Posts 4 Posters 13.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      It should just be Squid. So having proper proxy rules should be available.

      1 Reply Last reply Reply Quote 0
      • IT-ADMINI
        IT-ADMIN
        last edited by

        i don't use squid, i'm only using proxy server, because in pfsense 2 proxy packages are available, proxy server and squid guard, in my situation i install only proxy server, for this reason it is a little bit limited,
        i don't want to install squid guard (no need having 2 different packages doing the same thing )

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          Oh, i see. That's what I get for not using it. I'm only familiar with Squid.

          1 Reply Last reply Reply Quote 0
          • NaraN
            Nara
            last edited by

            The proxy is based on Squid. Squidguard gives you some additional filtering options, but is based on the proxy service already running.. Enabling transparent proxy will force all outgoing web traffic through that proxy without having to configure each client.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              That makes more sense. Squidguard on its own is a Squid add on. Very bizarre that they name the underlying product in one case and rename it in another.

              1 Reply Last reply Reply Quote 0
              • IT-ADMINI
                IT-ADMIN
                last edited by

                i already checked the option transparent proxy and select IPs that have to bypass transparent proxy, but didn't make any difference, in addition to that, only traffic that have destination port equal 80 who will pass through the transparent proxy because https for example bypass the transparent proxy because it is considered as man in the middle,
                i think that SSL who make this problem regarding gmail because basically it use https, and when unrestricted users try to access gmail they cannot because their browsers are not configured to use the proxy server, so https consider it to be kind of man in the middle, but what i can't understand at all is why thus issue happen only sometimes not always??????????????

                1 Reply Last reply Reply Quote 0
                • IT-ADMINI
                  IT-ADMIN
                  last edited by

                  this temporarily nature that makes me crazyyyyy

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Could it be people selecting HTTP vs people selecting HTTPS that make it work or fail?

                    1 Reply Last reply Reply Quote 0
                    • IT-ADMINI
                      IT-ADMIN
                      last edited by

                      but gmail is automatically https, so the users don't select any protocol, they just want to access gmail, after that automatically they use https, and because they don't have "use a proxy server for your LAN" checked in their browser, they can't access it, (temporarily !!!!!!??? ) and this what drive me crazy, then i checked that box for them to allow them accessing gmail, after that they call me : "we cannot access facebook", then i unchecked that box to allow them accessing restricted website, (lol) working like that till i find a solution for this weird problem, but this shouldn't take a long time, i have to solve this problem as quick as possible

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        Is there no way to opt out of HTTPS for Gmail? Perhaps not.

                        1 Reply Last reply Reply Quote 1
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          I know that Squid can do everything that you need, bypassing it isn't as good as leveraging it. I've manage Squid before, but never with a web interface. I don't know how the interface is limiting you but Squid should be able to allow you to select which accounts to block and which not to block while putting everyone through the proxy for security and speed.

                          Worst case, stop using a transparent proxy and go to a side by side proxy where non-proxy traffic literally goes straight out the gateway and only proxied traffic hits the proxy.

                          1 Reply Last reply Reply Quote 1
                          • IT-ADMINI
                            IT-ADMIN
                            last edited by

                            do you thing that it is better to install squid guard ??

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @IT-ADMIN
                              last edited by

                              @IT-ADMIN said:

                              do you thing that it is better to install squid guard ??

                              Possibly. I've not used it. I used an alternative to it last that I used Squid.

                              1 Reply Last reply Reply Quote 0
                              • IT-ADMINI
                                IT-ADMIN
                                last edited by

                                do you agree with me that : this problem happen because https traffic cannot be established if any proxy server in the middle unless you inform the browser that he should use a proxy otherwise he think that the proxy behave as man in the middle ??

                                but what i can't never understand is that happen sometimes, i cannot guess any cause for this madness,

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  No. Normally HTTPS is just ignored.

                                  1 Reply Last reply Reply Quote 0
                                  • IT-ADMINI
                                    IT-ADMIN
                                    last edited by

                                    sorry, what do you mean by the last post : "No. Normally HTTPS is just ignored" , can you explain please

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      Typically proxies are configured for HTTPS traffic to just bypass the proxy. It's not normal to use the proxy for that, only for HTTP.

                                      1 Reply Last reply Reply Quote 0
                                      • NaraN
                                        Nara
                                        last edited by

                                        For pure proxy (using local cache to offload WAN bandwidth constraints), HTTPS isn't usually proxied. In theory, it's session-specific, so caching it would be a waste of resources, and only serve to slow the user's experience down.

                                        For filtering, I typically use a device or service that provides transparent HTTPS inspection. Personally, I've had good luck with Sopohos UTM and the late Forefront TMG. Squid by design isn't a filter, and they say as such. They then go on to mention that if you want to use it as a filter anyway, use SquidGuard. I guess the question is: What are you looking to achieve by using the proxy?

                                        IT-ADMINI 1 Reply Last reply Reply Quote 2
                                        • IT-ADMINI
                                          IT-ADMIN @Nara
                                          last edited by

                                          @Nara right, i'm looking only for blocking some website like facebook and youtube for some users and allow them to some other users too, i'm not interested in caching, i want just to block or allow some website, but i didn't find any package to hundle this except the package called proxy server

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            A proxy is th right tool for that job but if you are not proxying HTTPS connections people won't even realize that they are blocked. They can just switch protocols and bypass the proxy. As all those sites offer HTTPS. If you block HTTPS then you have other issues.

                                            But to use a proxy well, everyone should go through it, not just some people. The proxy should decide who gets what access.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post