Hi there,
we've set up the astaro http-proxy within the network of one of our customers because he wanted to be able to see how many time his employees spend on non work-related websites.
After some little troubles we've got everything set up and working correctly except one thing.
They use a software where you have to mount a virtual CD on each client machine and then you'll be able to open the web based menu via entering http://127.0.0.1/ into your preferred browser.
When i do this, the http-proxy blocks my connection attempt with an Astaro error page saying that the error message is "invalid argument"
I tried to add everywhere an exception for http://127.0.0.1/ but without any success.
So I really hope someone out there can help me out with my annoying problem.
But now some facts about the http-proxy configuration:
- 2x ASG220 in active/active HA mode running the latest Astaro release (7.505)
- Proxy is in transparent mode with authentication (AD SSO)
- 1 configured profile
- 2 filter assignments, one for users and one for admin users (cant access the site at http://127.0.0.1/ either with user nor with admin user)
- configured an exception for http://127.0.0.1/ within each filter action set
- configured always allow for http://127.0.0.1/ under the "url filtering" tab
- added an exception for http://127.0.0.1/ under the "exceptions" tab, skipping all checks for this url
- proxy configuration is done with a "PAC" file stored on the astaro, users get the path to the url with DHCP - we need it this way because some users work from the home office, where nothing sould be proxied
- Internet Explorer checkbox "dont use proxy for local adresses" is checked via GPO
I've added another exception for the http://127.0.0.1/ into the PAC File - see below:
function FindProxyForURL(url, host)
{
// variable strings to return
var proxy_yes = "PROXY 192.168.145.1:8080";
var proxy_no = "DIRECT";
if (shExpMatch(url, "https://*")) { return proxy_no; }
if (shExpMatch(url, "localhost")) { return proxy_no; }
if (shExpMatch(url, "127.0.0.1")) { return proxy_no; }
if (shExpMatch(url, "127.0.0.1")) { return proxy_no; }
// Proxy anything else
return proxy_yes;
}
This is the error message I can see in the http-proxy log file when i try to connect to the http://127.0.0.1
2010:06:21-12:05:21 asg-1 httpproxy[18226]: [0xb152e980] connect_server (dns.c:704) Connections to 127.0.0.0/8 prohibited
2010:06:21-12:05:21 asg-1 httpproxy[18226]: [0xb152e980] dns_lookup (dns.c:950) connect_server failed: Invalid argument
2010:06:21-12:05:21 asg-1 httpproxy[18226]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.145.93" user="rmc" statuscode="502" cached="0" profile="REF_kpqCjPhPRb (ABCSG - intern)" filteraction="REF_zVMmTYsvCY (ABCSG-Admin)" size="2151" time="1 ms" request="0xb152e980" url="127.0.0.1/" exceptions="" error=""
2010:06:21-12:05:22 asg-1 httpproxy[18226]: [0xb152e980] connect_server (dns.c:704) Connections to 127.0.0.0/8 prohibited
I know that the log says that the connections to 127.0.0.0/8 are prohobited but I cant solve it by myself because I've ran out of ideas what to do.
I would really appreciate any help from you and please dont hesitate to contact me if you need some further details!
Thank you in advance and best regards,
Philipp Schmidt
This thread was automatically locked due to age.
