USPS & UPS Shipping Problems Somewhat Resolved

07-12-2004, 04:47 PM
Reading about all the problems with the USPS and UPS shipping not bringing up costs, etc., gave me time to think, and one message on the forum helped me confirm my idea. If you are still having problems getting out to the USPS and UPS sites on your server, the problem might be a firewall or proxy server. This is, of course, if your server is behind a firewall/proxy server.

I have my osCommerce site hosted at my employer's with a static one-to-one translation (real world IP to internal only). The problem I didn't realize was that when connecting to the USPS and UPS sites was an actual website that. Our network goes thru a Websense Proxy server and a Cisco Pix firewall. All traffic that is destined for the Internet has to go thru the Pix first. There is a command that forwards all traffic to our Websense server. This Websense server requires authentication to access the Internet. So if you are on your computer, you open up your favorite browser, and a login prompt comes up. I type my user name and password, and can get out on the net. The same thing was happening to the Unix server that I am using for my site.

Now, osCommerce doesn't have an area to put in a username/password for authentication (would be nice), so right now, I had to turn off authentication for testing purposes. I am working right now on the command to hopefully bypass the proxy server for that specific IP address. But I am guessing it will be the same for others. Pix itself can require authentication if set up properly, and other servers may also. This is something that you will have to find out before you can go further.

As for the developers of Max/osCommerce, I request a config area under the admin site to type this in. Unless somebody knows a place in Linux to put this information in?
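
An added example, not part of the original post and not osCommerce code: a small classifier for the raw HTTP reply a shipping-rate request gets back, to tell a real XML quote from an authenticating gateway's answer. It assumes the rate API replies with XML; the sample replies and the `RateResponse` element name are constructed placeholders.

```python
# Added example: classify the raw HTTP reply a shipping-rate request received.
# All sample replies are constructed, not captured from a real network.

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body


def classify(raw: bytes) -> str:
    """Say whether a reply came from the rate API or from a gateway in between."""
    try:
        status, headers, body = parse_response(raw)
    except ValueError:
        return "malformed"
    if status == 407 or "proxy-authenticate" in headers:
        return "proxy-auth-required"      # proxy wants credentials
    if status == 401 and "www-authenticate" in headers:
        return "auth-required"
    if status in (301, 302, 303, 307):
        return "redirected"               # often a login or block page
    ctype = headers.get("content-type", "").lower()
    text = body.lstrip().lower()
    if "html" in ctype or text.startswith((b"<html", b"<!doctype html")):
        return "html-instead-of-xml"      # login form where a quote should be
    if status == 200 and text.startswith(b"<?xml"):
        return "xml-ok"
    return "unexpected"


# Constructed sample replies.
PROXY_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: Basic realm=\"gateway\"\r\n\r\n<html>login</html>")
LOGIN_PAGE = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html><form>User name</form></html>"
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://gateway.example/login\r\n\r\n"
RATE_XML = b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n<?xml version=\"1.0\"?><RateResponse/>"

if __name__ == "__main__":
    for name, raw in [("407", PROXY_407), ("login", LOGIN_PAGE),
                      ("302", REDIRECT), ("xml", RATE_XML)]:
        print(name, "->", classify(raw))
```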


07-13-2004, 07:34 AM
You have to route that server's internal IP thru the Proxy and Pix firewall with no AUTHENTICATION. Your firewall should be able to allow this. Put in an exception or rule based on the static internal IP.

Cause this was an added layer (which is non-standard - will and can change from vendor to vendor) to access the internet, there is not going to be a "config area" to enter this information into. It would be a custom one-of-a-kind programming item.

07-13-2004, 02:09 PM
Already done that with the url filter command on the Pix. But a lot of people here probably don't know how to configure the Pix firewall or deal with the proxy server. That is why it was a recommendation.

07-19-2004, 07:53 AM
Most internet SERVERS are not behind a firewall that need to be USER AUTHENTICATED as there is normally no "live" user sitting at the server.... If a firewall/server is properly configured then the outgoing request - should not be from a ZOMBIE/VIRUS/HACK etc... Besides - setting up user authentication through an automated system - defeats the WHOLE purpose..... The HUMAN element.

Setting up the firewall to only allow the server access to certain IP or DNS is normally sufficient - as any system hack could use your "workaround" to gain access anyway (which is also potentially dangerous to your whole network if not configured properly - as all your internal systems could be hacked via your "public" server and use this "workaround" on all stations to become ZOMBIEs) - but with a properly configured firewall - at least they would be limited to accessing only a limited IP/DNS servers anyway (if hacked and turned into a ZOMBIE).

Anyone WHO sets up an INTERNET-accessible "public" server behind a firewall should be confinate to configure such equipment to gain the required access to the internet - including any routers or firewall. I am not trying to put you down (I don't even know you) - just stating the fact that some people are setting up public servers who are not setting them up properly cause of lack of knowledge and should NOT be setting up such systems without (or at least consult) a professional person who DOES have the knowledge and the know-how.

99.9% of the people who use systems like OSC, PHPNUKE and the likes - are on a HOSTED or some kind of managed system where the configuration, setup and support of the systems are done by knowledgeable techs who do this for a living.

I have both HOSTED and my own "self managed" servers (that are anywhere from 2 to 25 feet away from me) that serve public webpages - but when need be - a local tech company is consulted that knows the WHOLE configuration and will configure if need be (mostly for compiling programs into Linux - which I refuse to do - lack of experience in that part). Most of the time it is just consultation fees - but we do the majority of the work. They are also a HOSTING company - so they know the ins and outs.