#StackBounty: #proxy #authentication #squid #access-control-list #wildcard Wildcards For Squid ACL Names (aclname)

Bounty: 50

I’d like to implement IP-based authentication on my proxy servers. Consider a user of my service called user1. Here’s what my ACL currently looks like for that:

acl user11 proxy_auth [-i] user11
acl user12 proxy_auth [-i] user12
acl user13 proxy_auth [-i] user13

with a corresponding outgoing IP address assignment:

tcp_outgoing_address 175.25.11.25 user11
tcp_outgoing_address 175.25.11.26 user12
tcp_outgoing_address 175.25.11.27 user13

This way, user1 can use multiple outbound IP addresses by appending a number to their username when authenticating.

I want user1 to have access to many outgoing IP addresses but use IP-based authentication. As I understand it, I would do IP-based authentication like this:

acl user11 10.0.0.1
acl user12 10.0.0.1
acl user13 10.0.0.1

But that won’t work because then the user has no way of using/specifying a different outgoing IP address. This must mean that I have to use a different port for each outbound IP address.

Suppose my server’s main IP was 175.25.11.1 (What the user will connect to) and I wanted each port they connect to to have a different outbound IP address. Let’s also assume the user’s IP is 10.0.0.1 and we want to use IP-based authentication. The way I understand it, this is how I would do that:

http_port 175.25.11.1:3128 name=3128
http_port 175.25.11.1:3129 name=3129
http_port 175.25.11.1:3130 name=3130

acl user13128 myportname 3128 src 10.0.0.1
http_access allow user13128
tcp_outgoing_address 175.25.11.25 user13128

acl user13129 myportname 3129 src 10.0.0.1
http_access allow user13129
tcp_outgoing_address 175.25.11.26 user13129

acl user13130 myportname 3130 src 10.0.0.1
http_access allow user13130
tcp_outgoing_address 175.25.11.27 user13130

Please correct me if I’m wrong. My question is, can I set up the IP-based authentication so that I can change it in 1 place in my squid.conf? That way, if the user changes their IP, I don’t have to rewrite a huge list of ACLs. Consider that this server has 10,000 IP addresses bound to it. Can I use some sort of wildcard that says:

acl user1* src 10.0.0.1 http_access allow

Please correct any error I may have here. This is my first attempt at IP-based authentication.
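One layout that keeps the client address in a single place, generated here for the addresses used in the question (an added example, not part of the original post): one `src` ACL for the client, one `myportname` ACL per listening port, and both named on each `tcp_outgoing_address` line, where Squid ANDs them. The function name and the ACL names `user1_src` and `portNNNN` are hypothetical.

```python
import ipaddress


def squid_ip_auth_config(user, client_ips, listen_ip, first_port, outgoing_ips):
    """Return squid.conf lines: one src ACL for the client, one port ACL per outgoing IP."""
    for ip in list(client_ips) + [listen_ip] + list(outgoing_ips):
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if not client_ips or not outgoing_ips:
        raise ValueError("need at least one client IP and one outgoing IP")
    if first_port < 1 or first_port + len(outgoing_ips) - 1 > 65535:
        raise ValueError("port range does not fit the outgoing IP list")

    src_acl = f"{user}_src"  # hypothetical ACL name
    lines = [
        "# The only line to edit when the client's address changes:",
        f"acl {src_acl} src {' '.join(client_ips)}",
        "",
    ]
    for offset, out_ip in enumerate(outgoing_ips):
        port = first_port + offset
        port_acl = f"port{port}"  # hypothetical ACL name
        lines += [
            f"http_port {listen_ip}:{port} name={port}",
            f"acl {port_acl} myportname {port}",
            # ACLs named on one line are ANDed: this client AND this port.
            f"tcp_outgoing_address {out_ip} {src_acl} {port_acl}",
        ]
    # Access is granted by source address alone; everything else is refused.
    lines += ["", f"http_access allow {src_acl}", "http_access deny all"]
    return lines


if __name__ == "__main__":
    # Constructed input: the addresses and ports from the question.
    print("\n".join(squid_ip_auth_config(
        "user1", ["10.0.0.1"], "175.25.11.1", 3128,
        ["175.25.11.25", "175.25.11.26", "175.25.11.27"],
    )))
```

The same call with the full list of 10,000 outgoing addresses needs a starting port that leaves room below 65535, which the function checks.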



#StackBounty: #windows #networking #macos #vpn #proxy How to route all internet traffic from a Mac OS into a Windows VM

Bounty: 100

I am currently using a Mac (OS Sierra) with Windows OS (Win7) running under Parallels.

When I work remotely, I have to connect to my company’s VPN. Unfortunately the VPN software is only compatible with Windows. I still have my Windows VM running just to run the VPN and a couple of work software that only works in Windows.

My question is how can I route internet traffic in Mac OS into the Windows VM. I hope once I do that my Mac OS will also be under the work VPN as well.

I have tried tunnelling into the Windows VM (with the Windows VM running an SSH server) but certain ports will still not route correctly (like port 22).

Any ideas would be most helpful.



#StackBounty: #windows #proxy #wget Connection fails in wget

Bounty: 50

When I try to use wget on Windows 7, it fails with a message like this:

> wget ftp://ftp.fu-berlin.de/tex/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpd
--2017-07-10 14:37:47-- ftp://ftp.fu-berlin.de/tex/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpd
=> 'texlive.tlpd'
Resolving ftp.fu-berlin.de... 130.133.3.130
Connecting to ftp.fu-berlin.de|130.133.3.130|:21... failed: Unknown error.
Retrying.

[Yes, I am trying to install TeX live.]

This happens both for FTP and HTTP connections.

I suspected a proxy issue because I believe that on this network, a proxy is necessary. In a web browser I can access the URLs where wget failed. The browser is set to “use system proxy”, but I do not really know where to find those settings so that I could pass them to wget. I tried

> netsh winhttp show proxy

but it says

Current WinHTTP proxy settings:

    Direct access (no proxy server).

Does this mean that there really is no proxy?

If so, what else could it be? Could a firewall that lets through Firefox, Chrome, and IE block wget?



#StackBounty: #linux #proxy #openvpn #connection OpenVPN – Drop connection on header

Bounty: 50

I need this behaviour: when connecting to a special website from my client, I would like to receive a blank page as a result. For example, if I connect to serverfault.com, I receive a blank page, but if I connect to google.com, I have the good website.

I’m currently using the following config:
Server 1: Client
Server 2: OpenVPN
Server 3: Proxy
Server 4: Website

The client connects to the website via curl using the proxy but the server itself is configured to use the VPN. So it simply does server 1 -> server 2 -> server 3 -> website.

I can’t modify server 3 (a proxy provider) or server 4 (could be whatever website). I need to configure something on server 1 or server 2.

I was thinking of adding a header to my request (for example: SPECIALCONNECTION: Drop), and server 2 checks if I have this header. If it is present, it just drops the connection and returns a blank page. But I don’t see a way to configure OpenVPN easily to do this, so any ideas are welcome. 🙂



#StackBounty: #clustering #proxy #postgres-xl Postgres-XL adding GTM Proxy seems to do nothing

Bounty: 50

I’ve set up a Postgres-XL cluster using this recipe:

GTM:
hostname=host1
nodename=gtm

Coordinator:
hostname=host2
nodename=coord1

Datanode1:
hostname=host3
nodename=datanode1

Datanode2:
hostname=host4
nodename=datanode2

When I ran a load test against it, the GTM would fall over. I tweaked settings until the GTM didn’t fall over but only reported errors – thus kept on working after the load test.

I then added a GTM Proxy. I did not do init all but rather only init the proxy. When I restarted the cluster, the GTM reported that the GTM proxy was up and running. When I looked at the GTM proxy’s log, it looked like it started up and was connected.

But when I ran the load test again, I got the same result with no log entries for the GTM proxy. Thus it seems like the GTM Proxy didn’t pick up the load processing as I expected it to do.

I don’t know how to troubleshoot this. Any pointers on where to look next?

(I don’t know what extra info to post here)



#StackBounty: #proxy #openvpn #privoxy Redirect Privoxy traffic through OpenVpn

Bounty: 50

I am not sure if this is possible but I would like to route all traffic from FireFox through my OpenVpn connection with HideMyAss.

Basically the setup I have is that I am running a connection using OpenVpn through HideMyAss, I have edited the ovpn file and added “route-nopull” so that when using Chrome, IE, etc. I use my local connection, I have installed Privoxy and setup FireFox to use that proxy and what I would like to do is then have all traffic requested through just that proxy which FireFox is using use the OpenVpn connection.

Forgive me as I am quite new to this, is this possible?



#StackBounty: #proxy #csrf #same-origin-policy #cors CSRF not working over CORS proxy

Bounty: 50

I’m consuming OData services from JQuery and running into a typical scenario of Same Origin Policy. I do not have control over the server and therefore I can not implement CORS so the only thing I can do is to use a proxy in order to bypass the same origin policy. In particular I use cors-anywhere. But I tried others and still having the same issue.

So, anyway, until then it is all cool, I’m able to save the situation with the proxy and to execute my ajax call with no problem, but, this only works for GET requests. Because, now the server also requires a CSRF token for POST, PATCH, etc and it looks like the token I obtain through a call to the server through the proxy:

request csrf

is not valid for my next consecutive requests to the server. Moreover, I notice that every time I request a CSRF token like this (http://localhost:9191/https://my-server) I obtain a different one, which is not happening if I do the request without using the proxy (https://my-server). So, my question is:

Would anyone be able to explain why this is happening and if so, is there any way to overcome this problem in order to be able to make requests from JS?

So far I’ve tried a number of things such as rewriting Host, Referrer, Origin and other headers in the proxy without success and thought I could really use some help from this wise community here. Any comments or suggestions welcome.

Cheers,



#StackBounty: #microsoft-word #proxy Enable Word Plugin Through Proxy

Bounty: 50

Office 2013:

I like to use the Word add-on Grammarly by Google in Word but I’m stuck on the login screen. Office is being allowed to connect to the internet so I think it is related to proxy authentication.
How can I enable proxy authentication for this addon?



#StackBounty: #web-server #http #proxy Proxy server with customizable logic of selecting upstream server

Bounty: 100

I’m looking for a proxy server, written in any language, that would allow to customize selection of the upstream server somehow. For example to let it take a random upstream server from a list.



#StackBounty: #active-directory #proxy #adfs #window-server-2012 Connecting user in adfs from an external c# web app

Bounty: 50

I’m creating a web application that will be used by users that are included in an Active Directory.

Before, we were connecting our app directly to the AD using LDAPS. My client is now using ADFS and wants to close the LDAPS “gateway”.

I’m kind of lost, but here is my comprehension:

The ADFS will be on the same domain controller as the AD. Since my web app is on another server, also on another domain, my client will have to specify that the claims made from my server are trusted.

So here is my question:

1 – What does my client have to do in ADFS?

  • I saw the notion of relying party, but is this notion only used if I also have ADFS installed on my server? Or am I in the right direction?

2 – Do I need to install anything on my server?

  • I think my client will need to give me a certificate so my calls are trusted.
  • Do I have to install ADFS on my server, so the claims will be made between ADFS(s)?
  • Do I need to install an ADFS proxy?

Thanks in advance, I’m kind of more lost than before the beginning of my search.

P.S. I can’t use the integrated Visual Studio tool to connect to ADFS because I have a mixed authentication (Database and ADFS)

