Firefox is not using proxy authentication for several services
Categories
(Core :: Networking: Proxy, defect)
Tracking
()
People
(Reporter: stefan_matthaeus, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Steps to reproduce:
Checking our SIEM (monitoring) where I found the issue. The SIEM monitors also proxy events (trellix/ex.mcafee) and it was listing a lot of "Failed to access via proxy: Reason: ProxyAuthenticationRequired (no user)" events from the proxy syslog with my personal workstation as the client. (it also could be seen for other clients). So I extracted the list of domains from the SIEM and removed the other domains (also from different google things) that you only get those realted to firefox and addons. Here we are:
api.accounts.firefox.com
classify-client.services.mozilla.com
content-signature-2.cdn.mozilla.net
contile.services.mozilla.com
detectportal.firefox.com
download-installer.cdn.mozilla.net
easylist.to
firefox-api-proxy.cdn.mozilla.net
firefox-settings-attachments.cdn.mozilla.net
firefox.settings.services.mozilla.com
location.services.mozilla.com
normandy.cdn.mozilla.net
profile.accounts.firefox.com
push.services.mozilla.com
shavar.services.mozilla.com
spocs.getpocket.com
sync-1-us-west1-g.sync.services.mozilla.com
token.services.mozilla.com
token.services.mozilla.com/1.0/sync
tracking-protection.cdn.mozilla.net
ublockorigin.github.io
ublockorigin.pages.dev
The authentication is through active directoy user account and the proxy is assigned via a proxy.pac ruleset which is setup in the connecttion settings in Firefox.
Actual results:
As a user Firefox seems to operate normal, I can browse websites and FF uses user authentication on the Proxy. But it looks like that many backround tasks may not work properly as the proxy refuses them as no username/password is provided to the proxy. These accesses are like addon updates (ublock origin + easylist), pocket, and so on. As I told above, I have removed all none-mozilla/none-firefox/none-addon related URLs from the SIEM list and removed all doubles. In total there were about 1800 blocked web accesses to different URLs by firefox on that proxy just for my workstation. All were of the "Failed to access via proxy: Reason: ProxyAuthenticationRequired (no user)" classification of our SIEM. This can also be seen for many many other workstaions where I know that these users are using Firefox (instead of Chrome/Edge).
Expected results:
Authenticate at the proxy with user account for anything.
|
||
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Firefox::Sync' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
Reporter | |
Comment 2•2 years ago
|
||
Hello, it's not firefox sync, as bookmark syncing is working.
|
||
Updated•2 years ago
|
|
||
Comment 3•2 years ago
|
||
Hi Stefan,
I expect that this is a recent regression.
Could you use https://mozilla.github.io/mozregression/ to help us narrow down when it started?
Let me know if you encounter any issues with the tool and we'll try to assist you.
Thanks!
|
|
Reporter | |
Comment 4•2 years ago
|
||
Hello, I am sorry but I have no permission to install this tool on my company PC. It would first need a software-permission-process in the company. Maybe you can reproduce it with another proxy which requires AD authentication.
Hi,
I have a couple questions.
- Does this happen with other browsers?
- Does this occur with a fresh profile?
Thanks!
|
||
Comment 6•2 years ago
|
||
Moving bug to Core/Networking: Proxy.
|
||
Comment 7•2 years ago
|
||
Hello Stefan,
Do you have any updates new updates.
Are you still observing this issue?
|
|
||
Updated•2 years ago
|
|
|
Reporter | |
Comment 8•7 months ago
|
||
Looks like it has been fixed in some ways, we don't see this behaviour anymore.
Description
•