Bug #11383
closedpfSense Proxy Authentication not working
0%
Description
Proxy Username/Password on the system_advanced_misc.php is being ignored
You can see them in `env`:
# env | grep PROXY HTTP_PROXY=192.168.88.41:3128 HTTP_PROXY_AUTH=basic:*:test1:111
but not in packet capture.
System / Update sample capture:
Hypertext Transfer Protocol CONNECT files00.netgate.com:443 HTTP/1.1\r\n [Expert Info (Chat/Sequence): CONNECT files00.netgate.com:443 HTTP/1.1\r\n] Request Method: CONNECT Request URI: files00.netgate.com:443 Request Version: HTTP/1.1 Host: files00.netgate.com:443\r\n \r\n [Full request URI: files00.netgate.com:443] [HTTP request 1/1] [Response in frame: 10]
pfBlockerNG-devel (uses php curl functions) update capture:
Hypertext Transfer Protocol CONNECT mirror1.malwaredomains.com:443 HTTP/1.1\r\n Host: mirror1.malwaredomains.com:443\r\n User-Agent: pfSense/pfBlockerNG cURL download agent\r\n Proxy-Connection: Keep-Alive\r\n \r\n [Full request URI: mirror1.malwaredomains.com:443] [HTTP request 1/1] [Response in frame: 8]
Successful Firefox browser authentication:
Hypertext Transfer Protocol CONNECT mail.ru:443 HTTP/1.1\r\n User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0\r\n Proxy-Connection: keep-alive\r\n Connection: keep-alive\r\n Host: mail.ru:443\r\n Proxy-Authorization: Basic cGY1MjoxMjM=\r\n Credentials: pf52:123 \r\n [Full request URI: mail.ru:443] [HTTP request 1/1] [Response in frame: 66]
tested on 2.4.5-p1 and 2.5.0.a.20210204.2250
Updated by Jim Pingle almost 4 years ago
- Priority changed from Normal to High
- Target version set to 2.5.0
Confirmed here as well, if I set a system to use a proxy that requires auth, it can't communicate with the package server.
Updated by Anonymous almost 4 years ago
- Status changed from New to In Progress
- Assignee set to Anonymous
Updated by Anonymous almost 4 years ago
- Assignee changed from Anonymous to Renato Botelho
The values in the config.xml file appear to be correctly recorded:
<proxypass>Orange</proxypass> <proxyuser>Mario</proxyuser>
Updated by Renato Botelho almost 4 years ago
- Target version changed from 2.5.0 to CE-Next
- Affected Version changed from 2.5.0 to 2.4.5
Not a regression, move to next release.
Updated by Jim Pingle almost 4 years ago
- Target version changed from CE-Next to 2.5.0
- Affected Version changed from 2.4.5 to 2.5.0
See also: #9029
Updated by Jim Pingle almost 4 years ago
- Target version changed from 2.5.0 to CE-Next
- Affected Version changed from 2.5.0 to 2.4.5
Updated by Michael Samer almost 4 years ago
Hi
the problem exists since my oldest existing installation (here) FW:2.4.4p1. It was tested OK in Mid 2018 on 2.4.2 or .3 (whatever), so since then something must have changed in the code. As Jim Pingle had proxy auth problems on some other version it was fixed once. (shell) curl is ignoring the variables as well as like it's being compiled with ignoring the proxy parameters.
The same syntax/parameters on a CentOS 7.8 machine is working as it should.
Hope this helps
Updated by Michael Spears almost 4 years ago
Renato Botelho wrote:
Not a regression, move to next release.
IMHO, shouldn't this technically be considering a regression as it did work at one point? Confirmed this is currently an issue on 2.5.
Updated by Jim Pingle almost 4 years ago
From a much older release, yes, but not from the last public release. It was broken in 2.4.5-p1 thus not a new regression from 2.4.5-p1 to 2.5.0.
Updated by Michael Samer almost 4 years ago
Jim Pingle wrote:
From a much older release, yes, but not from the last public release. It was broken in 2.4.5-p1 thus not a new regression from 2.4.5-p1 to 2.5.0.
Hi Jim
it isn't working surely since the Release: 2.4.4p1 as this is my oldest living installationen. As it was running in my first tests in 2018 it is a (code) bug since then.
More serious: with no working proxy function I'm unable to update any of the current installations as well. I'd downgrade via USB Stick to some 2.4.2 when I initially tested it, but that seems odd.
Updated by Michael Samer almost 4 years ago
Michael Samer wrote:
Jim Pingle wrote:
From a much older release, yes, but not from the last public release. It was broken in 2.4.5-p1 thus not a new regression from 2.4.5-p1 to 2.5.0.
Hi Jim
it isn't working surely since the Release: 2.4.4p1 as this is my oldest living installationen. As it was running in my first tests in 2018 it is a (code) bug since then.
More serious: with no working proxy function I'm unable to update any of the current installations as well. I'd downgrade via USB Stick to some 2.4.2 when I initially tested it, but that seems odd.
I just received today a new SG3100 for deployment and updated it to the newest stable release. The Proxy Auth problem is still present in the 21.02p1. Afaik the 21.02 should be on par with 2.5.0, so no proxy function in newer releases so far.
Any spark on the horizon?
Updated by Renato Botelho over 3 years ago
- Status changed from In Progress to Feedback
- Target version changed from CE-Next to 2.5.1
Fix pushed on FreeBSD-src repository.
Upstream ticket - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468