[Owncloud] Proxy-firewall denies windows-client

Wed May 29 09:35:54 UTC 2013

We analyzed the issue and it was indeed a (not that uncommon) rule in the firewall/proxy solution that mandated the presence of "Mozilla" and "Windows". The solution was to change the user agents to the style "Mozilla/5.0 ($OS) mirall/x.x.x". After that, the proxy happily accpted basic auth.

This way, at least the Windows client will work. I was willing to make that sacrifice because I am aware of at least one mobile ISP that checks for user agents (of course the real fix is to encrypt your traffic with SSL, but some choose not to). I am not willing to hardcode "Windows" though when its not (Linux, OS X). This makes debugging hell ("What, you are using Mac OS? The server logs indicate you are using a Windows client!").

IMHO, User-Agent filtering is even more retarded than blocking ports (claim to fame: all modern malware is using port 80 today, making it even harder to detect), but at least that makes ownCloud client work in a "slightly paranoid default corporate setting".

Daniel

Am 29.05.2013 um 10:37 schrieb Marcos Mezo:

> I'm just a follower of the mailing list and testing OwnCloud myself for a few months, so no expert here.
> 
> From what I see ,you are using a proxy and when using the web browser it validates "automagically" with NTLM.
> 
> As far as I know, but maybe things have changed, with client version 1.2 onwards proxy auth is supported, but only with basic authentication, not with NTLM. Quoting a mail from this mailinglist from 17/1/2013:
> ------
> today we released the ownCloud Client 1.2.0 beta 2 which includes the following improvements and new features since beta 1:
> 
> - Fix proxy authentication (Basic auth, NTLM will not yet work)
> - The status dialog now provides statistics on the last sync run (via the info button)
> ------
> 
> I have not seen any further anouncements regarding this issue, so I asume it might not be working yet.
> 
> ¿Does this make sense?
> 
> Marcos
> 
>> Hey!
>> I would like to setup the owncloud-windows-clients in a company. (The companies internet goes through a firewall)
>> I have a nginx webserver set up and I can connect to owncloud using the windows client from home.
>> However, when I connect from the company, the windows-client gets http error 403 (forbidden) responded.
>> Therefore I can still use the webclient in the company though. I made some screenshots of wireshark sniffs where you can see the difference, between the access:
>> https://www.dropbox.com/sh/4tu6ftcnhogfogi/YWvfL6vwIG
>> (I hope you excuse dropbox ;) )
>> Watching these files lets me assume, that the http user-agent might be responsible for this firewall behaviour.
>> 
>> Does anyone have further informations for this kind of problem?
>> 
>> _______________________________________________
>> Owncloud mailing list
>> Owncloud at kde.org
>> https://mail.kde.org/mailman/listinfo/owncloud
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

--
www.owncloud.com - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130529/9d4dfe02/attachment.html>