Proxy Blocking apt-get, Allowing wget/curl
I'm having an issue getting passed my corporate proxy server. I had an exception put in place to allow my IP address to pass through, but haven't been able to get apt-get
to work.
wget
can get to the Ubuntu repos without any issues.
root@server:/tmp# http_proxy=http://<PROXY>:8080 wget http://us.archive.ubuntu.com/ubuntu/dists/precise-backports/multiverse/binary-i386/Packages.bz2
--2014-01-24 09:17:38-- http://us.archive.ubuntu.com/ubuntu/dists/precise-backports/multiverse/binary-i386/Packages.bz2
Resolving <PROXY> (<PROXY>)... x.x.x.25, x.x.x.24
Connecting to <PROXY> (<PROXY>)|x.x.x.25|:8080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 5178 (5.1K) [application/x-bzip2]
Saving to: `Packages.bz2'
100%[========================================>] 5,178 --.-K/s in 0.001s
2014-01-24 09:17:38 (7.78 MB/s) - `Packages.bz2' saved [5178/5178]
root@server:/tmp# ll -h
total 16K
drwxrwxrwt 2 root root 4.0K Jan 24 09:17 ./
drwxr-xr-x 23 root root 4.0K Jan 16 14:14 ../
-rw-r--r-- 1 root root 5.1K Jan 24 09:05 Packages.bz2
root@server:/tmp#
I setup my apt-conf.d proxy configurations.
root@server:/tmp# cat /etc/apt/apt.conf.d/30proxy
Acquire::http::proxy "http://<PROXY>:8080";
Acquire::ftp::proxy "ftp://<PROXY>:8080";
Acquire::https::proxy "https://<PROXY>:8080";
root@server:/tmp#
apt-get
still fails with a 403 Forbidden
error.
root@server:/tmp# apt-get update
Ign http://us.archive.ubuntu.com precise Release.gpg
<...snipped excess...>
Ign http://us.archive.ubuntu.com precise-backports/universe TranslationIndex
Err http://security.ubuntu.com precise-security/main Sources
403 Forbidden [IP: x.x.x.25 8080]
<...snipped excess...>
Err http://security.ubuntu.com precise-security/multiverse i386 Packages
403 Forbidden [IP: x.x.x.25 8080]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/precise/main/source/Sources 403 Forbidden [IP: x.x.x.24 8080]
<...snipped excess...>
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/precise-security/multiverse/binary-i386/Packages 403 Forbidden [IP: x.x.x.25 8080]
E: Some index files failed to download. They have been ignored, or old ones used instead.
root@server:/tmp#
PROXY replaces my proxy server's FQDN
Solution 1:
The problem is with the reported user-agent. This is why the proxy worked with wget and not apt-get.
I ran tcpdump -Ai eth0 port 8080
to see what the http looked like and received a 'non approved user-agent' message from our corporate proxy.
<...snip...>
<h1>ACCESS DENIED</h1>
<p>The software you are accessing the internet with is not reporting an
approved "User-Agent"</p>
<...snip...>
The Ubuntu Manpage had a section that explains that configuration parameter.
Acquire::http::User-Agent can be used to set a different User-Agent for the http download method as some proxies allow access for clients only if the client uses a known identifier.
apt-get 307 error provided the needed syntax, you simply add the below syntax to /etc/apt/apt.conf.d/30proxy
(or whatever you choose).
Acquire::http::User-Agent "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)";
Now, apt-get updates go through flawlessly.
root@server:/etc/apt/apt.conf.d# apt-get update
Hit http://security.ubuntu.com precise-security Release.gpg
Hit http://us.archive.ubuntu.com precise Release.gpg
<...snip...>
Hit http://us.archive.ubuntu.com precise-backports/multiverse Translation-en
Hit http://us.archive.ubuntu.com precise-backports/restricted Translation-en
Hit http://us.archive.ubuntu.com precise-backports/universe Translation-en
Reading package lists... Done