Topic: Strange squid error (403 forbidden only on Firefox) [Sorted]

[judgej]

I'm trying to connect to a control panel on a website through an up-to-date SME server. The panel is on HTTPS port 8091.

When I connect through Internet Explorer, it all works fine, no problems at all. If I try to connect through Firefox, I get an error from the squid cache:

The following error was encountered:

Code: [Select]

* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is admin@example.co.uk.
Generated Wed, 27 Feb 2008 19:21:13 GMT by sme.example.co.uk (squid/2.5.STABLE14)
The header coming back to my FF browser is:

Code: [Select]

HTTP/1.x 403 Forbidden
Server: squid/2.5.STABLE14
Mime-Version: 1.0
Date: Wed, 27 Feb 2008 19:21:13 GMT
Content-Type: text/html
Content-Length: 1077
Expires: Wed, 27 Feb 2008 19:21:13 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from sme.example.co.uk
Proxy-Connection: close
This could be a problem with the control panel, simply rejecting FF, but I very much doubt it. Is there any way in which the squid proxy could be causing this problem?

(The domains have been changed to protect the innocent.)

[SoftDux]

Is both FF & IE running on the same machine?
Have you checked the proxy settings in both IE & FF to make sure they're the same?

What happens when you disable the proxy server in SME's server-manager?

[judgej]

Yes, both are on the same machine, and neither have proxy settings configured.

However - on FF I did have the 'auto-detect proxy settings' box ticked, rather than the 'Direct connection to the Internet' box. Changing it from the former to the latter has fixed the problem.

The return header no longer shows the hit/miss entry from the SME Server proxy:

Code: [Select]

HTTP/1.x 200 Document follows
Date: Wed, 27 Feb 2008 23:56:48 GMT
Server: MiniServ/0.01
Connection: close
Set-Cookie: testing=1; path=/; secure
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html
I've checked my settings and the transparent proxy is turned off, which means that a browser can choose to use the proxy or not (FF was using it, and IE was not). That explains the difference.

However - that still leaves me with the problem that going through the proxy causes the page to fail. Obviously I'm fixed up now (I have my workaround) but I'm still curious as to what could be going wrong.

[SoftDux]

Just as matter  of interest, what did you get when you looked at /var/log/squid/access.log when you tried to open that site?

What happens when you enable the transparent proxy?

Can you access any other websites at the same time?

[judgej]

The log file contains entries like this:

Code: [Select]

Wed Feb 27 17:51:56 2008      0 192.168.6.58 TCP_DENIED/403 1368 CONNECT w.x.y.z:8091 - NONE/- text/html
I have not turned the transparent proxy on, but we can probably assume for now that the effect would be the same.

So, my current hypothesis is that the end control panel does not like the proxy. I have occasionally had some sites that did not work in FF but did in IE (e.g. old cached pages I couldn't shake off, and sites that plain didn't work) so this proxy setting may have been causing me a few problems in the past.

There are only a small number of us going through this server and we work on dynamic sites all day long (CMSs etc.) so the proxy cache is probably not much use to us anyway.