Http Proxy Configuration

[fuse]

Im configuring ebox HTTP Proxy, when i try to access to a mail server connected of one of the routers dmz port (external to ebox) e got this message,

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://mail.xxxxxx.xx:81/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is webmaster.

Any ideias of what could be blocking that?

Thanks

[Javier Amor Garcia]

Yes, the proxy is blocking your request. Have you either a "Deny all" default policy or object policy?

[fuse]

Yes, the proxy is blocking your request. Have you either a "Deny all" default policy or object policy?

Hi, default proxy policy is filter, some objects to allow all traffic from certan pcs including mine where the error is showing, could be related to the port?

Thanks

[Javier Amor Garcia]

I don't think is a port problem, the screen you are getting is the scrren that shows squid when some ACL forbids access to the proxy. With an "Allow all" or "Filter" policy you shouldnt have the access denied unless your object's polices have a time restriction. Can you check this, please?

[fuse]

Hello,
Thanks for your reply, the my ip object policy is as follows
Admin       Always allow       All time

Regards

[Javier Amor Garcia]

mmmm, it seems correct. Can you send me a copy of your configuration so I can examine this issue further?.

You can generate a copy of the configuration with the command: "/usr/share/ebox/ebox-make-backup --bug-report".

[Javier Amor Garcia]

I have seen your config. It seems that all is correct. However I think the problem is that transparent mode is enabled. When I disabled it I could brose without problems. Maybe there is some bug with the intraction of filter policy, objects and transparent mode.

Could you try it without transparent mode?.

 I am leaving in holydays so I wouldnt be able to address this topic until two weeks from now. Maybe someone could help here?

[fuse]

Hello,
I have tried without transparent mode, and the problem persists, any sugestions? Meanwhile i will try authorize and filter for default policy.

Thanks for your help.

[fuse]

No luck with the last test config.

Regards,

[axl]

Hi, you should to do this, according to what I said Javier Amor Garcia (Zentyal Staff - Zen Hero)

Not a matter of policy but the firewall HTTP proxy. The HTTP proxy has a list of "safe havens" and prohibits the HTTP connection to any port not included in this list.

This aspect can not be changed by the eBox interface, so the only way is to modify the template used to generate the proxy settings.

To do this:
1) Edit the template "is /usr/share/ebox/stubs/squid/squid.conf.mas"
2) Find the part where there are sentences like 'acl Safe_ports port 80'
3) Add your sentence is 'acl Safe_ports port 88' (or the port number you want)
4) Restart the proxy with / etc / init.d / ebox squid restart '
5) Make sure everything works, if we misspelled the template, the proxy will have a misconfiguration and not work ..

My problem was solved, can accomplish was coming from the same computer the file manager (with root privileges, "right click open as root") of Zentyal, find the path specified and open the file in question, then edit the same file "squid.conf.mas" (opened with a notepad-style program), then save and restart the service woooolaaa! I was able to enter the pages in question with the port 88.

Regards