Problem accessing Spotify via web browser app through Squid
-
Are there any settings that can make this work through a proxy? I cant even get logged into Spotify using my local squid. Same thing if I ssh into pfense and set up a local socks proxy on my windows machine with putty.
If I disable proxy settings in my browser and let things go via default routing, it does work, but for normal operations, I need my browser to use that proxy.
Not even sure what logs to start with
-
@oldschoolrouterjockey
You're most likely MITM yourself. I get it, want to peek inside a TLS session but some sites (majority) wont work for numerous reasons such as certificate pinning.
Either way you need to whitelist the site. Thats it. -
@michmoor actually nothing as extensive as that; I'm just doing a simple squid with the Transparent HTTP Proxy option set, and not setting the HTTPS/SSL Interception, so not doing any MITM. or at least I think not. I mean non of my banking sites or anything TLS related ever complains about invalid certs.
-
@oldschoolrouterjockey
Yep , transparent proxy is also an issue as well.-
Squid Proxy will be depreciated in future releases on pfSense so its best to start moving away from it. see here
-
Transparent proxy on pfsense is currently broken. See here
Your option is to create an alias, call it 'BypassProxy' and put the spotify IP(s) in there. Then go to your Squid configuration and in the 'Bypass Proxy for These' put in the alias you created. You dont want that traffic going through a proxy. Also ensure that you have port 443 open in your firewall rules so that bypassed traffic can go outbound.
-
-
@michmoor
OK I did all that, I added a ton of different spotify hosts I found in a HAR trace to the firewall alias I created then added that alias to the bypass. It didnt really help anything though so I then added my local ip address to the bypass for the source IP option. Still didnt help.(im going to make a new post as now I have a TON more questions on squid/proxy/transparent in general)
So I just disabled squid completely and went back to trying to use the local dynamic socks option via ssh to my local pfsense, and found that sometimes I can get logged in. Sometimes. But then after I do get logged then then things only seem to sort of work, sort of. It takes a few minutes after clicking play on something for its audio to actually start. Then if a commercial ever comes on, after its over it takes a few mins to start playing again. Its just really strange and is making me question all I think I know about networking, proxy, etc.
So even using the dynamic proxy, somehow they know? Or maybe is not so much as "they know and are intentionally trying to cause problems when people use proxies" as much as something is just weird going on?
-
Forward proxies being notoriously difficult to troubleshoot and are known to be problematic in web browsing do initially seem like the culprit in your setup. As you said you added the IPs to the Bypass List and it still isnt working correctly therefore it isnt Squid causing an issue. My next question would be do you have any browser extensions that could be at play here? What happens when you go into incognito mode in the browser?
-
@oldschoolrouterjockey said in Problem accessing Spotify via web browser app through Squid:
(im going to make a new post as now I have a TON more questions on squid/proxy/transparent in general)
With this update upcoming : Deprecation of Squid Add-On Package For pfSense Software ?
-
@michmoor said in Problem accessing Spotify via web browser app through Squid:
Forward proxies being notoriously difficult to troubleshoot and are known to be problematic in web browsing do initially seem like the culprit in your setup. As you said you added the IPs to the Bypass List and it still isnt working correctly therefore it isnt Squid causing an issue. My next question would be do you have any browser extensions that could be at play here? What happens when you go into incognito mode in the browser?
OK So I loaded a brand new FF profile, zero extensions on it, then set the FF config proxy settings to socks (localhost:3128 to correspond to my local SSH session to my netgate), also set the proxy dnx when using socksv5. I can login to spotify just fine, but still takes nearly 2 minutes after hitting play to actually have a stream of music. I can then pause/play instantaneously, but forwarding to the next song again gets me the 2 minute wait.
With the corp vpn disconnected and FF proxy settings set to direct, it all works fine as youd expect.
-
@oldschoolrouterjockey
So the problem isnt with pfSense or Squid.
Im sure you have a specific use case to go through a socks proxy but that could be whats causing you the pain.
Or you are visiting the site while on the corp vpn.
In either case a direct connection through pfsense doesnt cause an issue it seems.
