
    cannot access gmail when bypassing proxy server (sometimes not always !!!!????)

    59 Posts 4 Posters 15.4k Views
    • IT-ADMINI
      IT-ADMIN
      last edited by

      But Gmail is automatically HTTPS, so the users don't select any protocol; they just want to access Gmail, and after that they automatically use HTTPS. Because they don't have "use a proxy server for your LAN" checked in their browser, they can't access it (temporarily !!!!!!???), and this is what drives me crazy. Then I checked that box for them to allow them to access Gmail; after that they call me: "we cannot access Facebook", then I unchecked that box to allow them to access restricted websites (lol). I'm working like that till I find a solution for this weird problem, but this shouldn't take a long time; I have to solve this problem as quickly as possible.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        Is there no way to opt out of HTTPS for Gmail? Perhaps not.

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller
          last edited by

          I know that Squid can do everything that you need; bypassing it isn't as good as leveraging it. I've managed Squid before, but never with a web interface. I don't know how the interface is limiting you, but Squid should be able to allow you to select which accounts to block and which not to block while putting everyone through the proxy for security and speed.

          Worst case, stop using a transparent proxy and go to a side by side proxy where non-proxy traffic literally goes straight out the gateway and only proxied traffic hits the proxy.

          1 Reply Last reply Reply Quote 1
          • IT-ADMINI
            IT-ADMIN
            last edited by

            Do you think that it is better to install SquidGuard?

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @IT-ADMIN
              last edited by

              @IT-ADMIN said:

              Do you think that it is better to install SquidGuard?

              Possibly. I've not used it. I used an alternative to it the last time that I used Squid.

              1 Reply Last reply Reply Quote 0
              • IT-ADMINI
                IT-ADMIN
                last edited by

                Do you agree with me that this problem happens because HTTPS traffic cannot be established if any proxy server is in the middle, unless you inform the browser that it should use a proxy? Otherwise it thinks that the proxy behaves as a man in the middle?

                But what I can never understand is that it happens sometimes; I cannot guess any cause for this madness.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  No. Normally HTTPS is just ignored.

                  1 Reply Last reply Reply Quote 0
                  • IT-ADMINI
                    IT-ADMIN
                    last edited by

                    Sorry, what do you mean by the last post: "No. Normally HTTPS is just ignored"? Can you explain, please?

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      Typically proxies are configured for HTTPS traffic to just bypass the proxy. It's not normal to use the proxy for that, only for HTTP.

                      1 Reply Last reply Reply Quote 0
                      • NaraN
                        Nara
                        last edited by

                        For pure proxy (using local cache to offload WAN bandwidth constraints), HTTPS isn't usually proxied. In theory, it's session-specific, so caching it would be a waste of resources, and only serve to slow the user's experience down.

                        For filtering, I typically use a device or service that provides transparent HTTPS inspection. Personally, I've had good luck with Sophos UTM and the late Forefront TMG. Squid by design isn't a filter, and they say as such. They then go on to mention that if you want to use it as a filter anyway, use SquidGuard. I guess the question is: What are you looking to achieve by using the proxy?

                        IT-ADMINI 1 Reply Last reply Reply Quote 2
                        • IT-ADMINI
                          IT-ADMIN @Nara
                          last edited by

                          @Nara right, I'm looking only to block some websites like Facebook and YouTube for some users and allow them for some other users too. I'm not interested in caching; I just want to block or allow some websites, but I didn't find any package to handle this except the package called proxy server.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            A proxy is the right tool for that job, but if you are not proxying HTTPS connections people won't even realize that they are blocked. They can just switch protocols and bypass the proxy, as all those sites offer HTTPS. If you block HTTPS then you have other issues.

                            But to use a proxy well, everyone should go through it, not just some people. The proxy should decide who gets what access.

                            1 Reply Last reply Reply Quote 1
                            • IT-ADMINI
                              IT-ADMIN
                              last edited by

                              Yes, but the proxy server can also block HTTPS if and only if the browser is aware of the proxy server, and if the browser is not using any proxy server the HTTPS traffic will pass through the proxy but the proxy will be unable to do anything with it.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @IT-ADMIN
                                last edited by

                                @IT-ADMIN said:

                                Yes, but the proxy server can also block HTTPS if and only if the browser is aware of the proxy server, and if the browser is not using any proxy server the HTTPS traffic will pass through the proxy but the proxy will be unable to do anything with it.

                                In the way that you have set it up, yes. That need not be the case. There are many ways to architect the proxy server.

                                1 Reply Last reply Reply Quote 0
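
As an added illustration (not posted by anyone in this thread), here is a squid.conf fragment for the arrangement discussed above, where every browser is explicitly pointed at the proxy and the proxy decides who may reach which sites. With an explicit proxy the browser asks for HTTPS sites with `CONNECT host:443`, so the `dstdomain` rule applies to HTTPS as well as HTTP. The subnet, the address range of the restricted users and the listening port are assumed values.

```conf
# Added example: every address and the port below are assumed values.

# Explicit (non-transparent) proxy port, entered in each browser's proxy settings.
http_port 3128

# Whole LAN (assumed subnet).
acl localnet src 192.168.1.0/24
# Users who must not reach the listed sites (assumed address range).
acl restricted src 192.168.1.100-192.168.1.150
# Leading dot matches the domain and all of its subdomains.
acl blocked_sites dstdomain .facebook.com .youtube.com

acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT

# Hygiene: proxy only to expected ports, tunnel only to 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Policy: restricted users lose the listed sites over HTTP and HTTPS,
# everyone else on the LAN is allowed, anything else is refused.
http_access deny restricted blocked_sites
http_access allow localnet
http_access deny all
```

These rules only cover clients that actually use the proxy; a client without the proxy setting is unaffected unless the firewall refuses its direct outbound web traffic.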
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  I've not done this in a very long time. But HTTPS setup is the correct answer to push everything through the proxy. Otherwise you need to move the proxy out of the packet path so that the bypassing clients can fully bypass it.

                                  http://www.howtoforge.com/filtering-https-traffic-with-squid

                                  1 Reply Last reply Reply Quote 0
                                  • IT-ADMINI
                                    IT-ADMIN
                                    last edited by

                                    I think it is time to try Sophos UTM, because really the temporary nature of this problem broke my trust in pfSense, and what annoys me more is that I cannot find any explanation for this problem,
                                    because the problem itself is not annoying, but when you can't figure out the cause of the problem, that is when you hate yourself. hhhh

                                    1 Reply Last reply Reply Quote 1
                                    • IT-ADMINI
                                      IT-ADMIN
                                      last edited by

                                      And this is what lowers my self-confidence sometimes, when I cannot find a cause for an IT problem, or a solution for it. Since I don't have strong IT experience, this takes its toll on me.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        Using Squid proxy is definitely a more advanced UNIX task.

                                        For your light need, have you considered something more simple like using hosts files? Really simple to maintain.

                                        1 Reply Last reply Reply Quote 0
                                        • IT-ADMINI
                                          IT-ADMIN
                                          last edited by

                                          But if I use only the hosts file, sure there will be some users who will manage to access those blocked websites. I think it is not a reliable solution, is it?

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @IT-ADMIN
                                            last edited by

                                            @IT-ADMIN said:

                                            But if I use only the hosts file, sure there will be some users who will manage to access those blocked websites. I think it is not a reliable solution, is it?

                                            Can't they work around by using HTTPS now?

                                            1 Reply Last reply Reply Quote 0