WinGate Forums

[shade]

Hi all
I have installed Wingate 6.6.4 Build 1338. I originally set up clients to access the web through the WinGate proxy.
Authentication requirement is "Basic" under the General tab in the WWW Proxy and "User may be assumed" in the Properties for each user under the Policies tab. "Default rights" in WWW Proxy policy set up "are ignored".

For example, there are 2 users in Policies tab
User1: Advanced tab - Specify which requests this recipient has rights for - This criterion is met if - HTTP URL contains google
User2: Advanced tab - Specify which requests this recipient has rights for - This criterion is met if - HTTP URL contains twi

What I want is user1 can access only to google and user2 can access only to twitter.
But both user1 and user2 can access to google and twitter at the same time ( Other sites are unavailable).

What am I doing wrong here?

[adrien]

Hi

When the users show up in GateKeeper do they show as authed? Or just guest?

Regards

Adrien

[shade]

As far as I understand, users are authed

111.JPG (187.73 KiB) Viewed 5672 times

From WWW Proxy server.log:

01/31/11 14:21:37 100.100.100.2 Guest 0000000077 Created:
01/31/11 14:21:37 100.100.100.2 Guest 0000000077 Error: responding with code 407 Proxy authorization required
01/31/11 14:21:37 100.100.100.2 Guest 0000000077 Traffic 1109 603 0 0 0s
01/31/11 14:21:38 100.100.100.2 user1 0000000077 Requested: http://www.google.com.ua/
01/31/11 14:21:39 100.100.100.2 user1 0000000077 Traffic 12555 644 597 12580 2s
01/31/11 14:21:39 100.100.100.2 user1 0000000077 Traffic 0 0 0 0 0s
01/31/11 14:21:39 100.100.100.2 user1 0000000077 Terminated exit code 0
01/31/11 14:21:39 100.100.100.2 user1 0000000078 Created:
01/31/11 14:21:39 100.100.100.2 user1 0000000078 Requested: http://www.google.com.ua/compressiontest/gzip.html
01/31/11 14:21:39 100.100.100.2 user1 0000000079 Created:
01/31/11 14:21:39 100.100.100.2 user1 0000000079 Requested: http://clients1.google.com.ua/generate_204
01/31/11 14:21:39 100.100.100.2 user1 0000000078 Traffic 651 713 666 721 0s
01/31/11 14:21:39 100.100.100.2 user1 0000000078 Traffic 0 0 0 0 0s
01/31/11 14:21:39 100.100.100.2 user1 0000000078 Terminated exit code 0
01/31/11 14:21:39 100.100.100.2 user1 0000000080 Created:
01/31/11 14:21:39 100.100.100.2 user1 0000000079 Traffic 155 541 494 150 0s
01/31/11 14:21:39 100.100.100.2 user1 0000000080 Requested: http://www.google.com.ua/csi
01/31/11 14:21:40 100.100.100.2 user1 0000000080 Traffic 245 730 683 240 1s
01/31/11 14:21:42 100.100.100.2 user1 0000000079 Requested: http://twitter.com/
01/31/11 14:21:44 100.100.100.2 user1 0000000080 Requested: http://a2.twimg.com/profile_images/1090 ... normal.JPG
01/31/11 14:21:45 100.100.100.2 user1 0000000080 Traffic 1919 323 276 1914 5s
01/31/11 14:21:45 100.100.100.2 user1 0000000080 Requested: http://widgets.twimg.com/j/2/widget.css
01/31/11 14:21:45 100.100.100.2 user1 0000000080 Traffic 113 386 339 46 0s
01/31/11 14:21:45 100.100.100.2 user1 0000000080 Requested: http://widgets.twimg.com/i/widget-logo.png
01/31/11 14:21:45 100.100.100.2 user1 0000000080 Traffic 113 389 342 46 0s
01/31/11 14:21:45 100.100.100.2 user1 0000000080 Requested: http://twitter.com/favorites/toptweets.json
01/31/11 14:21:45 100.100.100.2 user1 0000000079 Traffic 46088 665 618 46083 6s
01/31/11 14:21:45 100.100.100.2 user1 0000000079 Requested: http://ajax.googleapis.com/ajax/libs/jq ... ery.min.js
01/31/11 14:21:46 100.100.100.2 user1 0000000079 Traffic 55337 311 264 55362 1s
01/31/11 14:21:46 100.100.100.2 user1 0000000079 Traffic 0 0 0 0 0s
01/31/11 14:21:46 100.100.100.2 user1 0000000081 Created:
01/31/11 14:21:46 100.100.100.2 user1 0000000079 Terminated exit code 0
01/31/11 14:21:46 100.100.100.2 user1 0000000081 Requested: http://a3.twimg.com/a/1296265969/images ... ointer.gif
01/31/11 14:21:47 100.100.100.2 user1 0000000081 Traffic 682 301 254 677 1s
01/31/11 14:21:47 100.100.100.2 user1 0000000081 Requested: http://www.google-analytics.com/ga.js
01/31/11 14:21:47 100.100.100.2 user1 0000000080 Traffic 35298 897 850 35293 2s
01/31/11 14:21:47 100.100.100.2 user1 0000000081 Traffic 25053 290 243 25078 0s
01/31/11 14:21:47 100.100.100.2 user1 0000000081 Traffic 0 0 0 0 0s
01/31/11 14:21:47 100.100.100.2 user1 0000000081 Terminated exit code 0
01/31/11 14:21:47 100.100.100.2 user1 0000000080 Requested: http://www.google-analytics.com/__utm.gif
01/31/11 14:21:47 100.100.100.2 user1 0000000082 Created:
01/31/11 14:21:47 100.100.100.2 user1 0000000082 Requested: http://www.google-analytics.com/__utm.gif
01/31/11 14:21:47 100.100.100.2 user1 0000000080 Traffic 360 588 541 355 0s
01/31/11 14:21:47 100.100.100.2 user1 0000000080 Requested: http://www.google-analytics.com/__utm.gif
01/31/11 14:21:48 100.100.100.2 user1 0000000082 Traffic 360 582 535 355 1s
01/31/11 14:21:48 100.100.100.2 user1 0000000080 Traffic 360 695 648 355 1s
01/31/11 14:21:52 100.100.100.2 user1 0000000082 Failed authorisation: http://www.wikipedia.org/
01/31/11 14:21:52 100.100.100.2 user1 0000000082 Error: responding with code 403 Access Denied
01/31/11 14:21:52 100.100.100.2 user1 0000000082 Traffic 1005 402 0 0 4s
01/31/11 14:21:52 100.100.100.2 user1 0000000082 Traffic 0 0 0 0 0s
01/31/11 14:21:52 100.100.100.2 user1 0000000082 Traffic 0 0 0 0 0s
01/31/11 14:21:52 100.100.100.2 user1 0000000082 Terminated exit code 0

The registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights]
"RightType"=dword:00000000
"IncludeDefaultRights"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0]
"UserName"="user1"
"Description"="Restricted by security level; request"
"SpecifyUser"=dword:00000001
"SpecifyLocation"=dword:00000000
"SpecifyTime"=dword:00000000
"SpecifyBan"=dword:00000000
"SpecifyRequest"=dword:00000001
"MinimumSecurityLevel"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\BanFilter]
"Name"=""
"Description"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0]
"Name"="Filter 1"
"Description"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0\Criterion0]
"Name"=""
"Description"="Server name contains \"google\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:00000002
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
"strData"="google"

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\TimeFilter]
"Name"=""
"Description"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1]
"UserName"="user2"
"Description"="Restricted by security level; request"
"SpecifyUser"=dword:00000001
"SpecifyLocation"=dword:00000000
"SpecifyTime"=dword:00000000
"SpecifyBan"=dword:00000000
"SpecifyRequest"=dword:00000001
"MinimumSecurityLevel"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\BanFilter]
"Name"=""
"Description"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0]
"Name"="Filter 2"
"Description"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0\Criterion0]
"Name"=""
"Description"="Server name contains \"twi\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:00000002
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
"strData"="twi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter]
"Name"=""
"Description"=""


Is there anything else I need to check?

[adrien]

Hi

looks like this is a bug in WinGate. Your policies are set up correctly.

It's related to second-chance checking of username in policy, if there's one recipient would grant access to a site if the user was a different one, it gives the user another chance.

This is one of the reasons we re-wrote policy for WinGate 7.

Sorry - the only fix I know of for WinGate 6 would be to use a higher level of auth (e.g. NTLM), and set required security level in policy to authenticated.

Regards

Adrien

[shade]

Hi! Thanks for your help, Adrien.

The best for me will be use wingate7
We have purchased a license for version 6.6, but have not yet activated it.
In this regard, the question arises as to whether it is possible to use license key from version 6.6 to 7? Will it work?

Please give me some advice how best to act? Or whom will I address this question?

[adrien]

Hi

If you send an email to support@wingate.com we can send you a link to the beta and supporting information.

Your 6.x key will activate in WinGate 7. We plan to change this in future and require upgrades, but people with current version protection (or who have previously renewed version protection) will be able to do so without cost. the reason for the break with tradition in this respect is that there are so many new features and some cannot be with-held due to license version without making WinGate 7 inoperable, so if we allowed old keys to be used, it would be giving a lot of new features away.

Regards

Adrien