@Squid

0x01 Problem - SSH via Squid - 403 Forbidden

How to troubleshoot a 403 Forbidden error

In this example, I want to SSH from my laptop to 13.228.168.169:22 (an EC2 server) via the HTTP proxy 35.174.208.142:3128 (Squid listening on port 3128).

Here comes the problem.

0x02 - Troubleshooting

  1. tail -f /var/log/squid/access.log: lines #10 and #11 show
    CONNECT 13.228.168.169:22 (TCP_DENIED).
[root@ip-172-31-55-111 ec2-user]# tail -f   /var/log/squid/access.log
1599364932.853 171860 112.199.148.226 TCP_TUNNEL/200 22517 CONNECT www.google-analytics.com:443 - HIER_DIRECT/172.217.2.110 -
1599364933.864 207353 112.199.148.226 TCP_TUNNEL/200 398104 CONNECT www.google.com:443 - HIER_DIRECT/172.253.63.106 -
1599364933.864 171453 112.199.148.226 TCP_TUNNEL/200 3643 CONNECT stats.g.doubleclick.net:443 - HIER_DIRECT/172.217.197.155 -
1599364935.881 171964 112.199.148.226 TCP_TUNNEL/200 4101 CONNECT px.ads.linkedin.com:443 - HIER_DIRECT/108.174.10.14 -
1599364960.904 116222 112.199.148.226 TCP_TUNNEL/200 4748 CONNECT firefox.settings.services.mozilla.com:443 - HIER_DIRECT/52.85.144.53 -
1599364995.637  61537 112.199.148.226 TCP_TUNNEL/200 3792 CONNECT incoming.telemetry.mozilla.org:443 - HIER_DIRECT/34.210.106.102 -
1599364995.638  61538 112.199.148.226 TCP_TUNNEL/200 3792 CONNECT incoming.telemetry.mozilla.org:443 - HIER_DIRECT/34.210.106.102 -
1599365365.628     19 112.199.148.226 TCP_MISS/200 893 POST http://ocsp.pki.goog/gts1o1core - HIER_DIRECT/172.217.13.227 application/ocsp-response
1599365444.156      0 112.199.148.226 TCP_DENIED/403 3904 CONNECT 13.228.168.169:22 - HIER_NONE/- text/html
1599365547.623      0 112.199.148.226 TCP_DENIED/403 3904 CONNECT 13.228.168.169:22 - HIER_NONE/- text/html
  2. sudo vi /etc/squid/squid.conf
    Port 22 is not in the default SSL_ports ACL (line #1 lists only 443).
    The last line, http_access deny CONNECT !SSL_ports, denies CONNECT to every port other than 443.
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

0x03 Changing the configuration

  1. Add acl SSL_Ports port 22
acl SSL_ports port 443
acl SSL_Ports port 22       # add this line
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
  2. Restart squid
    systemctl restart squid

0x04 SSH again with PuTTY

SSH succeeded!!!

The Squid access.log is as follows:

[root@ip-172-31-55-111 ec2-user]# systemctl restart squid
[root@ip-172-31-55-111 ec2-user]# tail -f   /var/log/squid/access.log
1599369354.379    101 112.199.148.226 TCP_MISS/200 551 GET http://detectportal.firefox.com/success.txt? - HIER_DIRECT/23.40.62.19 text/plain
1599369354.379    100 112.199.148.226 TCP_MISS/200 551 GET http://detectportal.firefox.com/success.txt? - HIER_DIRECT/23.40.62.19 text/plain
1599369354.615      2 112.199.148.226 TCP_MISS/200 551 GET http://detectportal.firefox.com/success.txt? - HIER_DIRECT/23.40.62.19 text/plain
1599369354.615      2 112.199.148.226 TCP_MISS/200 551 GET http://detectportal.firefox.com/success.txt? - HIER_DIRECT/23.40.62.19 text/plain
1599369359.708  86630 112.199.148.226 TCP_TUNNEL/200 3865 CONNECT push.services.mozilla.com:443 - HIER_DIRECT/34.218.33.223 -
1599369478.298 203775 112.199.148.226 TCP_TUNNEL/200 5476 CONNECT firefox.settings.services.mozilla.com:443 - HIER_DIRECT/52.85.144.53 -
1599370050.123      0 112.199.148.226 TCP_DENIED/403 3904 CONNECT 13.228.168.169:22 - HIER_NONE/- text/html
1599370176.808  94936 112.199.148.226 TCP_TUNNEL/200 3680 CONNECT 13.228.168.169:22 - HIER_DIRECT/13.228.168.169 -
1599370193.031 116848 112.199.148.226 TCP_TUNNEL/200 4748 CONNECT firefox.settings.services.mozilla.com:443 - HIER_DIRECT/52.85.144.53 -
1599370356.215     50 112.199.148.226 TCP_MISS/200 893 POST http://ocsp.pki.goog/gts1o1core - HIER_DIRECT/172.217.8.3 application/ocsp-response
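
Adding port 22 to SSL_ports lifts the CONNECT restriction for port 22 on every destination, not only 13.228.168.169, so the log is worth checking for more than the one expected tunnel. The following is an added example, not part of the original post: it parses Squid's native access.log format and counts denied CONNECT requests and tunnels to non-443 ports per client and target. The function names and the TLS_PORTS set are illustrative assumptions; the sample lines are copied from the logs above.

```python
from collections import Counter

# Sample lines copied from the access.log excerpts on this page.
SAMPLE_LOG = """\
1599364995.638  61538 112.199.148.226 TCP_TUNNEL/200 3792 CONNECT incoming.telemetry.mozilla.org:443 - HIER_DIRECT/34.210.106.102 -
1599365365.628     19 112.199.148.226 TCP_MISS/200 893 POST http://ocsp.pki.goog/gts1o1core - HIER_DIRECT/172.217.13.227 application/ocsp-response
1599365444.156      0 112.199.148.226 TCP_DENIED/403 3904 CONNECT 13.228.168.169:22 - HIER_NONE/- text/html
1599365547.623      0 112.199.148.226 TCP_DENIED/403 3904 CONNECT 13.228.168.169:22 - HIER_NONE/- text/html
1599370176.808  94936 112.199.148.226 TCP_TUNNEL/200 3680 CONNECT 13.228.168.169:22 - HIER_DIRECT/13.228.168.169 -
"""

TLS_PORTS = {443}  # assumption: the only port expected to carry TLS here


def parse_connects(text):
    """Yield one dict per CONNECT request in Squid's native log format."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[5] != "CONNECT":
            continue  # not a CONNECT request, or a truncated line
        result, _, status = fields[3].partition("/")
        # rpartition keeps bracketed IPv6 targets such as [::1]:22 intact
        host, _, port = fields[6].rpartition(":")
        if not port.isdigit():
            continue  # CONNECT target without a numeric port
        yield {"client": fields[2], "result": result,
               "status": int(status) if status.isdigit() else 0,
               "host": host, "port": int(port)}


def triage(text, tls_ports=TLS_PORTS):
    """Count denied CONNECTs and non-TLS tunnels per (client, target)."""
    denied, tunnels = Counter(), Counter()
    for rec in parse_connects(text):
        key = (rec["client"], f'{rec["host"]}:{rec["port"]}')
        if rec["result"] == "TCP_DENIED":
            denied[key] += 1
        elif rec["result"] == "TCP_TUNNEL" and rec["port"] not in tls_ports:
            tunnels[key] += 1
    return denied, tunnels


if __name__ == "__main__":
    denied, tunnels = triage(SAMPLE_LOG)
    for (client, target), n in denied.items():
        print(f"DENIED  {client} -> {target} x{n}")
    for (client, target), n in tunnels.items():
        print(f"TUNNEL  {client} -> {target} x{n} (non-TLS port)")
```

Any TUNNEL entry whose target is not a host you intended to reach over SSH is a reason to narrow the ACL.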

0x05 - Using MobaXterm & corkscrew

  1. Install corkscrew
  06/09/2020   13:51.14   /home/mobaxterm  apt-get install corkscrewDISCLAIMER:This will download and install third-party software packages, distributed by
the Cygwin Project, from online Cygwin repositories.
These software packages are distributed under their own terms available here:
http://mirrors.kernel.org/sourceware/cygwin/x86/release
Third-party software packages are neither developed nor distributed by Mobatek.
In no event shall Mobatek be liable for any direct, indirect, incidental,
special, exemplary, or consequential damages (including, but not limited to,
procurement of substitute goods or services, loss of data or profits, computer
virus infection, or business interruption) however caused and on any theory of
liability, whether in contract, strict liability, or tort (including negligence
or otherwise) arising in any way out of the use of these third-party software
packages, even if advised of the possibility of such damage.
By typing "y", you agree to use these third-party programs at your own risks.
Type "y" to continue or any other key to exit: y
The following packages will be installed:
- corkscrew v2.0-1 (16 kB): Tunnel TCP connections through HTTP proxies
- cygwin v3.0.4-1 (1949 kB): The UNIX emulation engine
➤ Type "y" to download and install these packages (1.92 MB): y
- Downloading package rebase-4.4.4-1.tar.xz                                 [OK]
- Installing package rebase-4.4.4-1.tar.xz                                  [OK]
- Downloading package cygwin-3.0.4-1.tar.xz                                 [OK]
- Installing package cygwin-3.0.4-1.tar.xz                                  [OK]
- Downloading package corkscrew-2.0-1.tar.bz2                               [OK]
- Installing package corkscrew-2.0-1.tar.bz2                                [OK]
- Executing postinstall scripts                                             [OK]
  06/09/2020   13:52.11   /home/mobaxterm  corkscrew
corkscrew 2.0 (agroman@agroman.net)
usage: corkscrew <proxyhost> <proxyport> <desthost> <destport> [authfile]
  06/09/2020   13:52.16   /home/mobaxterm  vi ~/.ssh/config
  2. Create ~/.ssh/config as follows.
  3. SSH succeeded!!
