7084 Views Previous 1 2 Next 18 Replies Latest reply: Sep 24, 2008 10:34 AM by kreynen Go to original post
I am having the same problem with parental controls. I teach at a high school and want to have parental controls turned on in the lab. Firefox doesn't work properly on the managed accounts.
I was just checking to see if you figured a way around using parental controls and having Firefox work properly...
Hello. I provide part time IT support for an urgent care clinic and this issue has driven the staff nuts and all but put out a witch hunt for me! Last week, I upgraded all 3 of their computers (2 iMacs and a MacBook) to 10.5.4 and also Firefox 3 after I thought I had tested everything out pretty thoroughly beforehand. It turns out that, ever since I applied the most recent security update, they can no longer access a handful of https (secure) websites. (The first build of 10.5.4 did not present this problem, it's only been since the latest security update.) They have to interact with insurance verification websites and several of them are https which would either never load or load extremely slowly.
Two additional IT consultants and 3.5 hours later, we finally figured out that the problem was with not only parental controls, but the standard user in general. If you just turn off parental controls, you may be able to access some of the https websites, but only very very slowly. In a busy clinic, they have no time to waste waiting for sites to load. (despite how I suggested they load all 8 sites in tabs and keeping them running to save time.) The only thing that worked was to convert the user account to Administrator which, automatically turns off parental controls.
Normally, and ideally, I have an admin account set up that only myself and the business manager have access to used for maintenance, software upgrades, etc. The staff log in to a standard/manager user account on each machine where Parental Controls were turned on so they could not accidentally drag icons out of the Dock and panic thinking they deleted something. (which happens quite frequently with all of the different untrained people interacting with the computers.) (It just needs to work and in the least amount of clicks possible.)
I'm not sure if this matters, but two of the iMacs are set up with a manually configured static IP address because I thought, at the time, it would be more secure, give me VPN or remote access, and at the time, last year when I set this up, there was an issue w/the router firmware that necessitated setting static IP addresses. What I can't understand is that the laptop is connected via secure wifi, does NOT have a static IP and when I last tested it, was loading the same problematic https sites fine without having to change the user to admin, just turning off parental controls unlocking the Dock worked. But, just today (took them a while to return my inquiry for more information other than "it doesn't work.") staff reported getting the above error when trying to access their webmail accounts using Firefox 3. Safari seems to work sometimes. Not sure why the secure https websites would load fine, but yet not the webmail accounts. Maybe those sites have some other type of security layer? All I know is it's broken and the staff is furious.
The only solution so far that will allow all of the computers — whether they be hard-lined, wireless, static or dynamic — to access secure websites is to turn off parental controls and make what used to be a standard user now an Administrative account! This is the only thing that seems to work. I do not like this at all. I want them to be able to log in to a managed/standard account AND be able to access QUICKLY the secure websites they need to access for business. (like they used to do)
It doesn't matter whether they use Firefox 3 or Safari. They use whatever will let them in for whichever website and it frustrates them to no end when it doesn't work.
So, just trying to use process of elimination, the problem may or may not have something to do with the combination of: standard user accounts with parental controls turned on who may or may not be configured to use static IP addresses while trying to access secure websites using Firefox 3 or Safari. Both browsers seem to handle the error reporting differently which further confuses people as to what the actual problem is.
I no longer feel secure from any angle with this situation and I hope Apple addresses this soon so we can all get back to business — securely!
For the longest time I was unable to duplicate this problem on my laptop to see what the difference might be and when I saw this thread, I got excited thinking I wasn't losing my marbles and posted my previous response because I thought it might help someone with the same problems I was having. But after posting, the juju became invoked and I got another idea.
I kept thinking about the static IP thing. Something just didn't seem right. Why was I able to access these websites at home using wifi with no problems?? The Leopard 10.4.5 upgrade with security & Firefox 3 combo never presented a problem to me personally because I was never unable to do my personal banking and bill paying on secure https sites. It had been some time I had the need to plug into my router directly, so I was always using wifi/dynamic IP. The problem never presented itself to me so it wasn't until I had freaked out staff members calling me that I was aware there was even an issue. So the problem was localized at the site I support. Something had to be radically different. What was it?
The only difference was the static IP, residential vs business bandwidth (with external static IP issued by the ISP and configured on the router as per their tech support.) and the fact that I did not have parental controls enabled on my personal machine and user. (I know what to do if something goes poof from the Dock and don't have a panic attack!!!) Everything else so far as software versions & builds was the same.
Other resources I consulted with said that the static IP shouldn't matter since we could localize the issue to the type of user mode and parental controls issue that had been previously documented by other reports.
I just did *another round* of testing since this is still bugging me. This time I was able to duplicate the problem and it does seem to have something to do with having a manually configured static IP set on the Mac in the Network Preferences pane.
To do this test, I logged in as admin, turned off airport, plugged in an ethernet cable and manually configured a static IP on my MacBook Pro. Then I enabled Parental Controls on my personal standard user account. When I tried to visit the https websites in question, either they loaded extremely slowly or I got the message "the connection to 'xyz website' was interrupted while the page was loading." At this point, I'm not sure if it's the static IP or the parental controls, so I left the static IP be and turned off parental controls by re-checking the boxes I had previously unchecked. Turns out that simply checking on and off boxes does not really disable Parental Controls when you're doing this quick testing logging in and out and restarting. You have to physically click on the gear icon in the lower left corner of the parental controls preference pane and select "disable parental controls." I think this perhaps may be the reason we thought that making the standard account an admin account solved the problem. We were just checking and un-checking boxes. Turns out you can leave the user account standard after all. Disabling Parental Controls via the gear icon drop down is what actually puts it back into the non-parental control state. (smacking myself up the head for not thinking of that one earlier.)
So, static IP+managed user with Parental Controls = no longer works to access https websites. (Both Safari and Firefox 3 have issues with this) So whatever security update or patch Apple released recently, broke the ability to use static IP with parental controls.
For my next test, I changed the static IP network connection to Automatic (dynamic) and restarted the computer just for good measure. (kept airport turned off.) This time I left Parental Controls turned on but only unchecked the box "can modify the Dock" — meaning I want the Dock to be locked. The other 3 boxes I left checked.
As a side note however, for some reason, the box for "can administer printers" would not stay checked each time I went back into Admin/Parental Controls to check on the settings. It didn't seem to make a difference because even with the box UN-checked (indicating I would not be able to administer printers) I was still able to get into the Print/Fax preference pane and change the default printer if I like.
This time, being connected automatically via ethernet, and Parental Controls partially enabled — disabling the ability to modify the Dock only — I was able to successfully access the previously inaccessible https websites. They loaded at a normal peppy rate and with no errors.
Now, the ONLY place that was still giving me problems was the Coxmail.com website for checking email. THAT's the place that was generating the error "Bad request. Your browser sent a request that the server could not understand." This problem only happens in Firefox 3, not Safari. Odd. However, there is a link right underneath the user name and password on the login page of the webmail website that clearly says "Click here for secure login." right above the enter button. Sure enough, clicking that link makes it load in https mode instead of http and it works with no error and I could log in to the user's email account.
My only guess is that Cox changed something that isn't playing nicely with Firefox 3??? But that isn't anything to do with Apple I don't think.
So, Apple still needs to fix this security/Parental Controls issue because others who don't have the same static IP issue as I do are still having problems it seems. For right now, it's not critical that I have static IPs set on the machines themselves. I thought it might have helped if I ever wanted to log in remotely via VPN but now with iChat screen sharing as a feature, that kinda takes care of that need for me. The only other thing that scares me about not having static IP is if I ever need to do a firmware update on the router that might require it, but I'll cross that bridge when I get to it.
So tomorrow night I'm going to go on site and change the ethernet connections to automatic, change the users back to standard, and lock the Docks via Parental Controls. Then I'm going to simulate a power outage, shut down the computers, power cycle all the devices (modem, router, switch) and cold boot the computers. Then I'm going to log in and load all the secure websites I can get my hands on and make sure they can log into their webmail accounts using the secure link.
While I'm waiting for everything to boot back up, I think I'll wave a rubber chicken over each machine and hop up and down on one foot while saying the Pledge of Allegiance.
Wish me luck!!!!!
There is a "fix" for Firefox and Apple's Parental Control bug...
"Try configuring Firefox to specify the httpd proxy directly. In Firefox, Preferences > Advanced > Network > Settings ... and specify host 127.0.0.1, port 10010 as the proxy."
Why am I doing Apple's job posting a fix they obviously know about?