Author Topic: How to allow HTTPS traffic on port 8888 through proxy  (Read 9311 times)

vovelee

How to allow HTTPS traffic on port 8888 through proxy
« on: February 02, 2010, 08:17:10 am »
Hello!

I have configured a proxy with authentication and filtering. Everything is working OK but I have the following problem.

The IP address on my VPN card is 10.10.75.1. I want my clients to be able to change their passwords through UserCorner when they type https://10.10.75.1:8888 in their browser. I think that squid is filtering this site. I added 10.10.75.1 in Domains filtering with policy Always Allow but it didn't help.

Does anyone have any ideas how to make this work?
Ebox Server 1.3.15

igum

Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #1 on: February 11, 2010, 02:51:41 am »
How to use Transparent Proxy and HTTPS traffic

You cannot use squid to access HTTPS with the transparent mode enabled.

What you could do is add a rule to the firewall to enable access to HTTPS.

Create a service for HTTPS traffic whose destination port is TCP/443 through Services. Then, go to Firewall --> Packet Filter --> Filtering rules for internal networks and set a rule to allow the HTTPS service to be used by your internal hosts.

Save changes. After that your users should be able to access HTTPS sites.

You must change port 443 to 8888.

Sorry, copy paste.

vovelee

Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #2 on: February 11, 2010, 08:18:07 am »
OK,

but my proxy is not transparent and I don't have problems opening HTTPS sites. The only problem is that my clients can't open Ebox User Corner :(

Ebox Server 1.3.15

Javier Amor Garcia

  • Zentyal Staff
Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #3 on: February 11, 2010, 09:24:48 am »
There is already a "usercorner" service, please check in the firewall that this service is allowed to your clients.

Ret

Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #4 on: February 18, 2010, 11:59:22 pm »
I have the same problem. My proxy runs on default port and is not in transparent mode. I use "authorize and filter" mode (though "always accept" doesn't work either). I didn't change anything in the firewall, so I can see the "usercorner" service running fine as a firewall rule.

It seems there's a problem with squid because when I try loading the user corner page on a browser set to use a proxy, the page doesn't load. And if I use a browser without a proxy configured, it loads the page normally.

bsener

Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #5 on: April 29, 2010, 05:16:36 pm »
Temp solution for Firefox:

Click Tools -> Options -> Advanced -> Network -> Settings
Change
No proxy for localhost, 127.0.0.1
to
No proxy for localhost, 127.0.0.1, 10.10.75.1:8888
Save and go to usercorner.


wilhelmdup

Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #6 on: February 04, 2011, 09:32:54 am »
Has anyone found a way other than the above mentioned solution to get this working?

I do not want to configure these settings for all the user profiles. That will take too long.


hardybm

Re: How to allow HTTPS traffic on port 8888 through proxy
« Reply #7 on: June 27, 2011, 05:06:37 am »
Yes, I have found one way to fix this.

It seems like a bug in Zentyal 2.0.20. Port 8888 (user corner) is not listed as a valid SSL_ports entry in the Squid config file.

To fix this, you need to customize /etc/squid.conf. JaCalvo has a good post on how to do this:
http://blogs.zentyal.org/jacalvo/2011/01/04/how-to-customize-the-configuration-files-generated-by-zentyal/

To summarize:

1. Edit this file, for example using vi:

sudo vi /usr/share/ebox/stubs/squid/squid.conf.mas

2. Add the following line, close to the other SSL_ports definitions.

acl SSL_ports port 8888         # zentyal user corner

3. Save your changes and restart Squid module

sudo /etc/init.d/ebox squid restart

4. Test it. In my case it is working fine.
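
The SSL_ports behaviour described in the last reply can be checked offline. This is an added example, not code from any poster or from Zentyal: the sample config is constructed to resemble a stock Squid ACL section, and the function names are hypothetical. It reports whether a CONNECT to a given port would get past the "http_access deny CONNECT !SSL_ports" rule, before and after the 8888 line is added.

```python
import re

# Constructed sample resembling a stock Squid ACL section (not from a real Zentyal box).
SAMPLE_CONF = """\
acl SSL_ports port 443          # https
acl SSL_ports port 563 873      # snews, rsync
acl Safe_ports port 80 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

def acl_port_ranges(conf_text, acl_name):
    """Return [(low, high), ...] collected from every 'acl <name> port ...' line."""
    ranges = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(line) < 4 or line[:3] != ["acl", acl_name, "port"]:
            continue
        for token in line[3:]:                   # several ports or ranges per line
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
            if m:
                low = int(m.group(1))
                ranges.append((low, int(m.group(2) or low)))
    return ranges

def denies_connect_outside(conf_text, acl_name="SSL_ports"):
    """True if the config carries 'http_access deny CONNECT !<acl_name>'."""
    wanted = ["http_access", "deny", "CONNECT", "!" + acl_name]
    return any(raw.split("#", 1)[0].split() == wanted
               for raw in conf_text.splitlines())

def connect_allowed(conf_text, port, acl_name="SSL_ports"):
    """Would a CONNECT to this port get past the SSL_ports rule?"""
    if not denies_connect_outside(conf_text, acl_name):
        return True
    return any(lo <= port <= hi for lo, hi in acl_port_ranges(conf_text, acl_name))

if __name__ == "__main__":
    # The line from step 2 of the reply above, appended to the sample.
    fixed = SAMPLE_CONF + "acl SSL_ports port 8888         # zentyal user corner\n"
    for label, conf in (("before", SAMPLE_CONF), ("after", fixed)):
        print(label, "8888:", connect_allowed(conf, 8888),
              "443:", connect_allowed(conf, 443))
```

Note that SSL_ports is matched on port only, so the added line lets proxy clients CONNECT to port 8888 on any destination that the remaining http_access rules permit, not just 10.10.75.1.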