I'm using Squid 4.14 for Windows. I tried to establish authentication so that only authorized users could use the proxy, but I couldn't find a way. Most answers were for Linux.
Is there a way to set up a username/password for squid proxy on Windows?
Related
I'm trying to use Fiddler version 5.0.20202.18177 (latest as of writing) to determine the URLs used by various online / web installers.
This works fine in most cases. For example, with SpotifySetup.exe:
However, this does not work in some cases. For example, with DropboxInstaller.exe and bitdefender_online.exe:
I have ensured that:
HTTPS decryption is set up for all processes:
All types of connections are being captured:
Windows' proxies are set as expected.
All Windows 10 AppContainer Loopback exemptions are in place:
Running Fiddler as administrator doesn't make a difference.
I would have guessed that the executables simply aren't utilising the proxy but, as far as I'm aware, if the proxy is set at the Windows level then they can't override that?
A program can use of the proxy defined in the Windows Internet settings but it also can ignore those settings and directly connect to the Internet.
The proxy settings are only used automatically for programs that use an HTTP client provided by Microsoft (e.g. WinHTTP for C/C++ or a Dot.net Http client implementation).
All other programs that use their own HTTP client can query the Windows proxy settings and apply them but this is optionally. From a Windows perspective those programs just open TCP connections, what protocol is used on the connection is unknown to Windows hence Windows could not enforce that a proxy is used even if it would try to do so.
By default even programs that come with Windows like the command-line too curl ignore the Windows proxy settings.
Dropbox for example has their own proxy settings within the Dropbox client. There you have to configure Fiddler as proxy.
Bitdefender also seem to have it's own proxy settings where you have to configure Fiddler.
After my discussion with Robert, I ended up abandoning Fiddler, setting up a VirtualBox VM running pfSense Community Edition (free) + Squid3 with HTTPS Interception and Access Logging, installing the pfSense's root CA certificate in my test Windows VM, and changing my test Windows VM's default gateway to the LAN IP address of the pfSense which worked.
In the case of the Dropbox example, it was initially logging TCP_TUNNEL_ABORTED/200 client.dropbox.com:443 so I added client.dropbox.com to the whitelist in the ACLs then it worked and I could see the full EXE URL:
Using a computer behind an private corporate proxy, I would like to know if the proxy use or is compatible with NTLM authentication protocol. Any solution working on Windows and/or Linux would be accepted.
My Internet provider has proxy settings and when connected to the device comes out the same settings.
I want the device to getout the Internet without a proxy.
Example i want to be;-
==[Internet Source with Proxy]=> Mikrotik device =[internet without proxy]=>
My proxy setting is:-
-Proxy server :172.16.5.62
-Proxy server Port:8080
Authentication
-username: hamada
-password: hamada
Thank you for your cooperation in advance.
This is possible if you use transparent proxy and redirect traffic to the parent proxy with authorization. But mikrotik cannot use authorization either for the local or for the parent proxy.
I have a corporate proxy using Squid and kerberos for authentication, the proxy is configured for standard use, I.E allow http, https, a few others and block everything else. Now, there are many applications that support basic proxy authentication, but do not support Kerberos based authentication and many others that connect directly to the internet. I used Proxifier before the upgrade to kerberos to make my applications use the proxy, but I cannot do so now. I then installed an application called PX to create a proxy that connects to kerberos, but the proxy it creates is a simple HTTP Proxy and proxifier doesn't work correctly with it. Anyone has a setup for a situation like this?. I use Windows 10 and I obviously don't have access to the server where squid is configured. The application I need to connect to the internet uses standard https ports, it's not a torrent application nor anything that uses the ports blocked by squid. Thanks in advance.
Ok, for this particular case I've found the following setup to solve 99% of my problems.
First get Px here https://github.com/genotrance/px
Next get Fiddler: http://www.getfiddler.com/dl/Fiddler4BetaSetup.exe
Configure PX with your user and your domain and run it. By default it creates a running proxy on 127.0.0.1:3128
Configure your sistem proxy to use the proxy supplied by PX.
Execute fiddler, it should create ANOTHER proxy at 127.0.0.1:8888
Use this proxy in your apps. Proxifier should work as well.
Why use fiddler and not the direct 127.0.0.1:3128?, PX creates a pure http proxy and fiddler allows to tunnel https and connect request through it.
Any requests will pass through fiddler which will redirect them to the PX proxy which will redirect them to the squid proxy (So expect very slow speeds).
In the end since you're just redirecting your apps towards your proxy, if your proxy bans using regex expressions or direct IP connections some apps will NOT work, and in these cases using TOR or a VPN is the only real solution. Hope it helps someone avoid all the headaches I went through.
I have set up a squid proxy on a Ubuntu machine, and I'd like to do some testing by accessing the proxy from another computer (NOT on the same lan). But I seem to be unable to connect to the squid proxy server.
I've tried several different ways to connect: by setting the proxy in my web browser, and by using the unix program "curl" to issue http requests from a command line. But I just can't connect.
I've tried setting the acl in the configuration file squid.conf to allow access from the remote machine. So I don't know what's going on. If I try to access the internet from the same machine that the squid proxy is on, it works correctly.
The lines in squid.conf that I added to allow access from the remote machine are:
acl my_machine src 50.193.61.125/255.255.255.0
http_access allow my_machine
Is there anything else that needs to be done to allow the remote machine to access the squid proxy?
Thanks.
got the same problem. ec2 instance with fedora 19 os and squid 3.2.9. also created a security group incoming rule for port 3128. wont work if i connect from a remote pc. think there is a restriction in the aws-cloud.