Cookies blocked, allowed by browser & cookie filter off

The cookies feature allows you to choose which hosts your browser is allowed to send and receive cookies to and from.

Cookies blocked, allowed by browser & cookie filter off

Postby rnsc » Tue Jun 08, 2010 6:32 am

Trying to log on to http://www.barronsregents.com/exams/sec.login
Web site says:
You may have cookies disabled on your browser. You must have cookies enabled to work with Barronsregents.com.

Cookies ARE enabled in browser.

Cookie filter is disabled (
Enabled: yes: ( ) No: (*)
Policy: Allow: (*) Deny: ( )

With NO rules
)

Config.xml attached below.
What else can I send you?

Thank you.


Tail of safesquid.log says:
2010 06 07 20:49:12 [13169] network: fd: 26 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13169] request: POST http://www.barronsregents.com:80/exams/sec.auth
2010 06 07 20:49:12 [13170] network: fd: 50 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13171] network: fd: 55 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13172] network: fd: 57 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13173] network: fd: 59 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13174] network: fd: 60 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13169] network: 192.168.240.11 disconnected after making 2 requests
2010 06 07 20:49:12 [13170] network: 192.168.240.11 disconnected after making 1 requests
2010 06 07 20:49:12 [13171] network: 192.168.240.11 disconnected after making 1 requests
2010 06 07 20:49:12 [13173] network: 192.168.240.11 disconnected after making 1 requests
2010 06 07 20:49:12 [13172] network: 192.168.240.11 disconnected after making 1 requests
2010 06 07 20:49:12 [13175] network: fd: 26 allowed connect from 192.168.240.11 on port 8080
2010 06 07 20:49:12 [13174] network: 192.168.240.11 disconnected after making 1 requests
2010 06 07 20:49:12 [13175] request: GET http://www.google-analytics.com:80/__ut ... %3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B
rnsc
 
Posts: 7
Joined: Sat May 08, 2010 10:13 pm

Postby sachin » Wed Jun 09, 2010 4:11 pm

1) The only problem in your config file, is that you have enabled caching section, but not defined any cache stores. If you would like to use caching, create a cache volume, and also change Clean Interval=30.

The above could have an adverse effect on your browsing experience. You could also try disabling caching section.

2) You have defined Interface Username & Password. This requires cookies enabled, and is know to have issues with a few browsers, even with cookies enabled. The problem, of course, occurs when you try to access the interface.

You can try accessing the said site, after removing the Interface username and password, just to make sure.

If the above do not solve your problem, then create a support tar ball with /etc/init.d/safesquid support, immediately after the problem occurs, and post it here.
sachin
 

Re: Cookies blocked, allowed by browser & cookie filter

Postby rnsc » Thu Jun 10, 2010 7:32 am

Thank you. Below I try everything you asked, and upload the tarball. In a follow on message I will provide some tcpdump traces from my system and describe the system. Perhaps these will be helpful.

Regarding (1). I see that I had "Enabled: False" on the caching store. Please verify that this is what I need to do to resolve this issue (Change to True).
Changed "Clean Interval" to 30. Note that I don't think I changed it from the install default. If true, then perhaps you should change the install default from 1 to 30.
Also note that "Prefetch window" does not have units in the manual. Units might be added to both in the UI.

These did NOT fix the problem.

Changed "Cache Section" to "Disabled. This did NOT fix the problem.

Regarding (2). Don't understand... Interface Username & Password requires cookies enabled, they are enabled, it works. Barron's site requires cookies enabled, they are enabled. I do not see a conflict.
Deleted contents of Username & Password fields on Access Restrictions page. Now I can get to the webGUI without authenticating (Which is not desirable, but not the problem at hand). Deleting the Username & Password did NOT fix the problem.

In all cases above I cleared the browser cache after the change, before the trial. I also adjusted the firewall to not forward to safesquid to see that I could log in, proving that I was not seeing a cached page.

Thank you again for your help.
rnsc
 
Posts: 7
Joined: Sat May 08, 2010 10:13 pm

Re: Cookies blocked, allowed by browser & cookie filter

Postby rnsc » Thu Jun 10, 2010 8:06 am

System has pfsense firewall with five interfaces:

WAN on xl0 interface, DHCP with address currently 66.66.26.6

LAN on fxp0 interface, 192.168.240.0/24. Client doing the browsing is 192.168.240.8. Port 80 is forwarded to 192.168.244.8:8080

FLT on dc0 interface, 192.168.244.0/24. Safesquid host is 192.168.244.8. This subnet has port 80 open to be routed to the WAN. All browsing to many other sites has been working through safesquid.

YEL on fxp1 interface, 192.168.241.0/24 is not connected at present, we should not see any mention of it in any files.

ORA on de0 192.168.243.0/24 has only a game console (XBOX) that should have been off, we should not see any mention of this in any files.

Attached are tcp dumps from the firewall each of the involved interfaces (WAN=xl0, LAN=fxp0, FLT=dc0) both with port 80 forwarded through safesquid ("filtered") and with port 80 allowed to be routed directly to the WAN ("nofilter"). These can be viewed by wireshark. The interesting part when the "Login" button was pressed after entering username and password starts with packet 88 for filter, and with packet 24 for "nofilter". There is also a one-line-per-packet text file for each case (with less detail than can be seen in wireshark). Also there is a tcpdump from the linux machine running safesquid on the FLT network (192.168.244.8) in the "Filtered" configuration (obviously there is not traffic to safesquid in the non-filtered configuration). The emoticon that shows up in the ip address of the previewed message is an numeral 8. I do not know why it is translated into an emoticon. Deleting it and retyping it does not help.

Let me know if there is any other information I can provide. Again, thank you.
rnsc
 
Posts: 7
Joined: Sat May 08, 2010 10:13 pm

Re: Cookies blocked, allowed by browser & cookie filter

Postby rnsc » Thu Jun 10, 2010 6:26 pm

Forgot to mention: the filtered.all.cap and nofilter.all.cap are the result of mergecap run on *.xl0.cap, *.fxp0.cap, and *.dc0.cap to interleave them. the *.all.txt file was derived from this merged file, but only the one-line packet summary included.

The filtered.safesquid.cap file was not included in the merge since being on a different machine, the packet timestamps would not interleave correctlly and probably be more confusing than helpful.
rnsc
 
Posts: 7
Joined: Sat May 08, 2010 10:13 pm


Return to Cookie Control

Who is online

Users browsing this forum: No registered users and 1 guest

cron