Menu
▾
▴
[privoxy-devel] [ ijbswa-Bugs-3615020 ] transparent proxy + accept-intercept-requests
|
From: SourceForge.net <no...@so...> - 2013-09-19 17:42:40
|
Bugs item #3615020, was opened at 2013-09-17 21:33 Message generated for change (Comment added) made by lsoltero You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=3615020&group_id=11118 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: funct: header manipulation Group: version 3.0.21 >Status: Open Resolution: None Priority: 5 Private: No Submitted By: lsoltero (lsoltero) Assigned to: Fabian Keil (fabiankeil) Summary: transparent proxy + accept-intercept-requests Initial Comment: accept-intercept-request works fine when the client browser has been manually configured to use the proxy server. However, when in transparent mode (where traffic from port 80 is NATTED to the proxy port) and the browser is unaware that is being proxyed, authentication requests are not done correctly and the browser displays a "this page is not available" mesg. Not sure what the fix is for this if there is one. to reproduce the error on any linux distribution... 1. add accept-interface-requests to the proxy config 2. execute the following iptables command as root iptables -t nat -N natcensor iptables -t nat -I prerouting_rule -j natcensor iptables -t nat -A natcensor -p tcp --dport 80 -j REDIRECT --to-port 3128 (where 3128 is the port the proxy is listening on) 3. confirm that you can browse the internet while confirming that the proxy is being used by checking the logs. The browser should "normal" non-proxy mode. 4. configure an upstream proxy that requires authentication 5. browse to a page that requires the use of the proxy. at this point you should see the failure. 6. change the configuration of the browser to manually use the proxy. 7. confirm that the authentication request window pops up on the browser when using the upstream proxy. problem discovered using privoxy 3.0.21 under OpenWRT. --luis ---------------------------------------------------------------------- >Comment By: lsoltero (lsoltero) Date: 2013-09-19 10:42 Message: i have attached a TCP dump of a transparent HTTP session using privoxy with enable-proxy-authenticaion-forwarding. you will note that privoxy correctly passes the 407 Authentication required response back to the browser... however, the browser never responds. so it seems that enable-proxy-authenticaion-forwarding only works when the browser is configured to access the proxy. Otherwise it ignores the 407 request since it does not believe its using an upstream proxy. not sure there is anything that can be done to privoxy other than have it do the authentication for the user. I submitted a patch that allows this in a previous bug report. --luis ---------------------------------------------------------------------- Comment By: Fabian Keil (fabiankeil) Date: 2013-09-18 05:30 Message: Thanks for the report. Please provide a log excerpt as described at: http://www.privoxy.org/user-manual/contact.html#SUFFICIENT-INFORMATION My suspicion is that this isn't a Privoxy bug, but the result of the browser rejecting the authentication request for security reasons (the authentication request could have been faked by a malicious webserver), but without a logfile it's hard to tell. Also note that there a multiple proxy authentication schemes an it's unclear to me which one you are trying to use. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=3615020&group_id=11118 |