I've installed a new server using ClearOS 7 for a company with 55 client terminals and around 100 users/employees.
They can surf the Internet by Squid proxy with authentication mode.
However, some websites in Brazil use third-party scripts like JSON, JavaScript, AJAX, among others.
Therefore, the proxy sometimes blocks these scripts and returns the error TCP DENIED/403 in the access log.
For example, the user accesses the website www.alice.com, and this website tries to load a script available on www.bob.com. The proxy caches the files correctly from www.alice.com and blocks files from www.bob.com. Furthermore, www.bob.com can also use scripts of a third website.
My current solution is to monitor the access.log file, identify the DNS of denied websites, and manually add a rule that allows the proxy access and cache the blocked website. This task is annoying, and it takes a long time for our IT department to monitor the log files. Has anyone ever had a similar issue like this?
They can surf the Internet by Squid proxy with authentication mode.
However, some websites in Brazil use third-party scripts like JSON, JavaScript, AJAX, among others.
Therefore, the proxy sometimes blocks these scripts and returns the error TCP DENIED/403 in the access log.
For example, the user accesses the website www.alice.com, and this website tries to load a script available on www.bob.com. The proxy caches the files correctly from www.alice.com and blocks files from www.bob.com. Furthermore, www.bob.com can also use scripts of a third website.
My current solution is to monitor the access.log file, identify the DNS of denied websites, and manually add a rule that allows the proxy access and cache the blocked website. This task is annoying, and it takes a long time for our IT department to monitor the log files. Has anyone ever had a similar issue like this?
Share this post:
Responses (4)
-
Accepted Answer
I think this can be one of the joys of managing the proxy if the sites are proxy unfriendly. Are you using the Authentication Bypass list at all? It may not be relevant.
Some apps and sites are just not proxy friendly. -
Accepted Answer
I use proxy authentication for all sites.
Now, I'm afraid of these unfriendly sites.
Do you use any alternative approach to handle this problem in your servers?
Nick Howitt wrote:
I think this can be one of the joys of managing the proxy if the sites are proxy unfriendly. Are you using the Authentication Bypass list at all? It may not be relevant.
Some apps and sites are just not proxy friendly. -
Accepted Answer
I don't use the proxy at all. It is heavy on resources and requires configuring all devices to use it or the use of Web Proxy Auto-Discovery. In transparent mode it is pretty ineffective as a lot of traffic has switched to https.
Clearcenter's preferred filtering solution is Gateway Management. -
Accepted Answer
Thank you a lot for your help.
I just finished configuring the Gateway Management on my server and I could access all proxy unfriendly websites.
I also noticed that this service speeds the Internet up.
Nick Howitt wrote:
I don't use the proxy at all. It is heavy on resources and requires configuring all devices to use it or the use of Web Proxy Auto-Discovery. In transparent mode it is pretty ineffective as a lot of traffic has switched to https.
Clearcenter's preferred filtering solution is Gateway Management.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »