Difference between revisions of "Interface access blocked- Access Denied"

From Secure Web Gateway
Share/Save/Bookmark
Jump to: navigation, search
(Created page with " updated soon ")
 
 
Line 1: Line 1:
  
updated soon 
+
= <span class="mw-headline" id="Issues">Issues</span> =
 +
 
 +
#You may get locked out yourselves whenever you are trying to create policies in the Access Restrictions section of SafeSquid.
 +
#You suddenly get messages as Access Denied on browser
 +
 
 +
= <span class="mw-headline" id="Root_Causes">Root Causes</span> =
 +
 
 +
SafeSquid actually evaluates entries in the Access Restrictions one by one from top-down order matching each entry with the connection. Once a entry with an IP address or the user name matches a connection, the following entries will not be evaluated against that connection.
 +
 
 +
So once you are trying to create a entry in the Access Restrictions, always make sure that there is at least one entry which is going to allow you to access the web interface ([http://safesquid.cfg/ http://safesquid.cfg/]). This in other words means that there must be a entry that matches your connections and has Web interface (Config) selected from the Access field.
 +
 
 +
<u>'''Example'''</u>:
 +
 
 +
Consider a scenario wherein you have three entries in Allow list of Access Restrictions section
 +
 
 +
The first one is to access the web interface via SSH tunnel.
 +
 
 +
The second one is to allow the AUTHENTICATION BYPASS profile
 +
 
 +
The third one is the entry through which you're accessing the internet.
 +
 
 +
You have created another entry in which you have removed the Web interface in the Access field and added it. The entry is added as fourth one and you have moved it to 3rd by clicking on move up. Now the third entry matches your connections (since first is for SSH tunnels and second is for AUTHENTICATION BYPASS profile) in which you have disabled the Web interface. So you will be locked out and given a template Access Denied.
 +
 
 +
To avoid this kind of situation, you always need to maintain a entry that allows you to access the Web interface.
 +
 
 +
= <span class="mw-headline" id="Troubleshooting">Troubleshooting</span> =
 +
 
 +
You have a couple of options to get of this situation.
 +
 
 +
#If you have a possibility to restart the SafeSquid service, just do a restart. Check this '''[http://2017.swg.safesquid.com/wiki/Restart_the_SafeSquid_Service_from_Terminal Link]''' for restarting SafeSquid from the terminal(Linux box).
 +
#If you do not have a choice to restart the service, take an SSH tunnel and access the interface and correct the entries. Check this '''[http://2017.swg.safesquid.com/wiki/How_to_take_SSH_tunnel_if_you_will_be_locked_out_to_access_SafeSquid_Interface(UI) Link]''' to access the Web interface by taking an SSH tunnel.
 +
 
 +
&nbsp;

Latest revision as of 14:50, 26 October 2017

Issues

  1. You may get locked out yourselves whenever you are trying to create policies in the Access Restrictions section of SafeSquid.
  2. You suddenly get messages as Access Denied on browser

Root Causes

SafeSquid actually evaluates entries in the Access Restrictions one by one from top-down order matching each entry with the connection. Once a entry with an IP address or the user name matches a connection, the following entries will not be evaluated against that connection.

So once you are trying to create a entry in the Access Restrictions, always make sure that there is at least one entry which is going to allow you to access the web interface (http://safesquid.cfg/). This in other words means that there must be a entry that matches your connections and has Web interface (Config) selected from the Access field.

Example:

Consider a scenario wherein you have three entries in Allow list of Access Restrictions section

The first one is to access the web interface via SSH tunnel.

The second one is to allow the AUTHENTICATION BYPASS profile

The third one is the entry through which you're accessing the internet.

You have created another entry in which you have removed the Web interface in the Access field and added it. The entry is added as fourth one and you have moved it to 3rd by clicking on move up. Now the third entry matches your connections (since first is for SSH tunnels and second is for AUTHENTICATION BYPASS profile) in which you have disabled the Web interface. So you will be locked out and given a template Access Denied.

To avoid this kind of situation, you always need to maintain a entry that allows you to access the Web interface.

Troubleshooting

You have a couple of options to get of this situation.

  1. If you have a possibility to restart the SafeSquid service, just do a restart. Check this Link for restarting SafeSquid from the terminal(Linux box).
  2. If you do not have a choice to restart the service, take an SSH tunnel and access the interface and correct the entries. Check this Link to access the Web interface by taking an SSH tunnel.