Forbidden
-
Hi!
someone know whay when I try to access the site http://www.bahiatursa.ba.gov.br/ behind pfsens, I get de erro forbidden?
Thanks -
What makes you believe the message comes from pfSense? Have you installed Squid and configured it to block sites?
-
@Cry:
What makes you believe the message comes from pfSense? Have you installed Squid and configured it to block sites?
When I access no of my network the site is showed. Only Pfsense are configured.
Thanks! -
By default there isn't anything in pfSense that would cause that.
Can you provide a screenshot of the error in question?
-
someone know whay when I try to access the site http://www.bahiatursa.ba.gov.br/ behind pfsens, I get de erro forbidden?
If you do not configured Squid, may be a problem with the DNS configuration or firewall rules on your pfSense.
Send screenshots of these settings. This makes it easier to help you!
[]`s
Jack -
@Cry:
By default there isn't anything in pfSense that would cause that.
Can you provide a screenshot of the error in question?
-
:-) That is their server denying you access, not your firewall denying access.
-
You are responsible for the site http://www.bahiatursa.ba.gov.br/?
The above error has nothing to do with pfSense. Is your (any) under Apache Server denied access to directory pages.
[]`s
Jack -
So when you say you access this site not using pfsense - are you on a different network than pfsense wan IP?
As stated that error is from their server saying your denied, that has nothing to do with pfsense configuration.
-
So when you say you access this site not using pfsense - are you on a different network than pfsense wan IP?
As stated that error is from their server saying your denied, that has nothing to do with pfsense configuration.
No, I in a same network Wan.
-
Well at work here, and if I use our proxy. I get the same error
You don't have permission to access / on this server.
Apache/2.2.16 (Debian) Server at www.bahiatursa.ba.gov.br Port 80If I route through my pfsense box at home using vpn connection and proxy through a ssh connection to linux box on my home network using firefox, then it works fine
Are you clients behind pfsense using any sort of proxy? Ie are you running squid on pfsense? Maybe they are doing some sort of proxy detection?
If I look at the headers using our proxy I see this
HTTP/1.1 403 Forbidden
Content-Encoding: gzip
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 25 Feb 2013 16:51:36 GMT
Keep-Alive: timeout=5
Proxy-Connection: keep-alive
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Via: 1.1 webwasher (Webwasher 6.9.0.11735)I have to think they are doing some sort of proxy blocking..
-
No, I in a same network Wan.
I think we're talking about a case of DNS Forwarder.
Read more about this feature of pfSense: http://doc.pfsense.org/index.php/DNS_Forwarder
[]`s
Jack -
Hi people!
I put de url in "no proxy" configuration of my browser. In Firefox it work but in IE don't work… -
So you are using proxy? How about some details of this proxy setup your using.. Sounds like you directing browsers to an explicit proxy vs transparent if you can over ride using the proxy for specific urls, etc.
How do you have proxy setup in firefox? Can you post your firefox configuration.
-
Firefox configuration
-
So why are you running the proxy like that? If you can just bypass the proxy what security does it provide? Normally if your going to run an explicit proxy, the only thing that is allowed out your network is the proxy.
If your allowing the client to bypass, then clearly your allowing direct access - so what is the point of the proxy?
What I notice in your bypass is you have bahiatursa.ba.gov.br – but are you trying to access www.bahiatursa ? I would think you would need the . in front of bhaiatursa to include all subdomains, etc.
If I was going to use an explicit proxy like that, I would prob use a pac file to at least attempt to obfuscate the details from the users, and make changes easier for another. You would only have to make the setting in one location to have all clients use the changes vs having to change every browser setup on the local machine.
