Author Topic: [SOLVED]Proxy blocking https ports.  (Read 6709 times)

matias.aiskovich

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
[SOLVED]Proxy blocking https ports.
« on: December 14, 2012, 09:41:16 pm »
Hi, i have a problem with the Zentyal proxy:
We need to use some pages that have  invalid ssl certificates and seems that zentyal is blocking them,i have been searching about this problem with squid and i found that there are some lines of squid.conf that will block the pages that dont have a valid certificate so i thinked that maybe zentyal have this configuration set by default but when i looked in the squid.conf.mas pattern file this wasn´t applied. I also tried with creating exceptions in the proxy filter section to this pages but didnt work, i know that will be better to not allow to enter to pages without valid ssl but we really need to use this pages, is there any way to solve it?
Thank you very much
« Last Edit: December 20, 2012, 01:49:14 am by Escorpiom »

Sam Graf

  • Guest
Proxy blocking https ports.
« Reply #1 on: December 15, 2012, 08:49:06 pm »
My recollection was that the proxy doesn't interfere with access to sites having invalid certificates. Regrettably, I'm away from the office so can't take a look.

What version of Zentyal are you running? Are you using a categorized domain list?
« Last Edit: December 20, 2012, 01:48:46 am by Escorpiom »

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Proxy and invalid ssl certificates
« Reply #2 on: December 16, 2012, 02:05:02 am »
Already replied it in the Spanish section, please - one at a time.
Advised to look at the way proxy has been set up and to look at the firewall rules.
This has to be something new in Squid 3 because I've never had that issue.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

matias.aiskovich

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Proxy and invalid ssl certificates
« Reply #3 on: December 16, 2012, 07:28:17 pm »
Excuse me, i wasnt right about this problem, i believed what the users told me. First, i cheked again and Zentyal isn`t blocking https, the users thought that i blocked them the site when they saw the normal advertise that you have when you are trying to enter to a non valid https, then there is something that is really being blocked by Zentyal and is a page that use the port 8443 and a invalid ssl(i thought about ssl but is clear that the problem is the port), so i think i have to allow this port on the firewall to this issue?
Thank you very much
Excuse me for my mistake

pd: Escorpiom i will delete the spanish thread

Sam Graf

  • Guest
Re: Proxy and invalid ssl certificates
« Reply #4 on: December 16, 2012, 07:45:34 pm »
I understand then that you are not using a transparent proxy?

matias.aiskovich

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Proxy and invalid ssl certificates
« Reply #5 on: December 17, 2012, 12:40:19 am »
No, i am using the non transparent proxy.
Thank you

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Proxy and invalid ssl certificates
« Reply #6 on: December 17, 2012, 01:53:10 am »
If you need port 8443, from what I read on Speedguide it is used by any of these services:

Code: [Select]
PCsync HTTPS, PCSync SSL, Common alternative https port, SW Soft Plesk Control Panel, Apache Tomcat SSL, iCal service (SSL) SG
 8443 tcp SW Soft Plesk Control Panel (unofficial) Wikipedia
 8443 tcp,udp pcsync-https PCsync HTTPS IANA
 8443 tcp pcsync-ssl PCSync SSL SANS
 8443 tcp https-alt Common alternative https port

If you are not using the transparent proxy, then you would have to allow this port in Squid's config file, it will be somewhere in this line:

Code: [Select]
acl SSL_ports port 443 563 # https, snews
change to

Code: [Select]
acl SSL_ports port 443 563 8443 # https, snews
You have to hack into the .mas file that is here in Zentyal 2.2.7:

Code: [Select]
/usr/share/zentyal/stubs/squid
You can perhaps add por 8444 also. After the change, restart proxy service and you are good to go.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

matias.aiskovich

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Proxy and invalid ssl certificates
« Reply #7 on: December 19, 2012, 03:56:14 pm »
It worked
Thank you very much for your help

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Proxy and invalid ssl certificates
« Reply #8 on: December 20, 2012, 01:47:19 am »
Ofcourse it worked. My n00b tips are useful sometimes  ;D
Let's mark it as "solved" then?

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

RodixPy

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: [SOLVED]Proxy blocking https ports.
« Reply #9 on: June 12, 2014, 04:31:53 am »
Hi I have the same problems but this solution not work for me.

P.D: sorry for my bad english

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: [SOLVED]Proxy blocking https ports.
« Reply #10 on: June 12, 2014, 08:19:26 pm »
Please make a new post and explain in detail.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...