[NOTABUG] [7.360] HTTP proxy no more working ?

BuBU · #1 (**permalink**) 12-03-2008, 08:58 PM

Hi,

I just reactivated HTTP Filtering with all default options + anti-virus scan + full transparent and I'm no more able to browse the web...

I needed to disable HTTP Filtering to be able to connect to the web again...

thx

BuBU · #2 (**permalink**) 12-04-2008, 08:10 AM

Hi

attached is a screenshot for the proxy error... without proxy everything is working fine..

of course google should work !!

this is standard http filter config with anti-virus enabled... and proxy allowed for internal network

thx

edit1: for info using PPPOE connection.
edit2: and this is on an ASG 120 box

crashtestdummy · #3 (**permalink**) 12-04-2008, 01:05 PM

I had the same error. After disabling full transparent mode, the problem stopped occurring.

trollvottel · #4 (**permalink**) 12-04-2008, 05:12 PM

You guys need to understand what full transparent mode really does, first. Basically, the proxy rewrites the src-address of the requests it generates with the clients ip address. If your client uses an internal IP, you' re screwed because the webserver will never reach the client.

Believe me, you just want to stick to normal transparent mode.

BuBU · #5 (**permalink**) 12-04-2008, 05:24 PM

Quote:

Originally Posted by trollvottel

You guys need to understand what full transparent mode really does, first. Basically, the proxy rewrites the src-address of the requests it generates with the clients ip address. If your client uses an internal IP, you' re screwed because the webserver will never reach the client.

Believe me, you just want to stick to normal transparent mode.

so full transparent proxy was not working in 7.350 !

because I remember to used it and all was working fine !

thx

furgl · #6 (**permalink**) 12-05-2008, 08:52 AM

Yep, transparent mode was fine this way all (?) the versions before,
with 7.36 you have to change operation mode of http proxy to standard

what and why ever ...?

before, updates/downloads were buffered and scanned,
now they're passed online to calling application ...
I hope for my good sleep asg scans really really transparent ?

trollvottel · #7 (**permalink**) 12-05-2008, 01:05 PM

Full transparent mode is a new feature of v7.400, so there weren' t older versions of full transparent mode for HTTP proxy available to the public.

BuBU · #8 (**permalink**) 12-05-2008, 01:10 PM

Quote:

Originally Posted by trollvottel

Full transparent mode is a new feature of v7.400, so there weren' t older versions of full transparent mode for HTTP proxy available to the public.

I was talking about 7.350

where I was able to connect to internet from internal when full transparent proxy was checked.. as I remember...

BrucekConvergent · #9 (**permalink**) 12-05-2008, 08:57 PM

Just curious... what is the difference between "standard" transparent mode and "full" transparent mode?

Gert Hansen · #10 (**permalink**) 12-05-2008, 09:40 PM

In transparent mode, the proxy intercepts outbound port 80 connections and processes it. it creates a new connection to the real server. this connection uses the external interface ip adress as the source ip of this connection.
this way the original ip address of the client can not be seen on the real server.

Full Transparent does exactly the same thing, but it replaces the external ip adress on the connection to the real server with the original ip address of the client.
this way the real server knows the original ip adress of the client.

But this feature only works properly in bridge mode, as the real server will try to send the response back to the original client ip and if this client ip is not routable, than it does not work.

If properly used in bridge mode, the full transparent proxy is nearly undetectable.

I hope this is understandable
regards
Gert