ASA DMZ zone and Unix proxy server

Hi.
I have a router where all NAT translation is done. I have an ASA and a core switch.
My users and some servers are located on the 192.168.193.0/24 subnet. This subnet is created on the core switch.
int vlan 393
ip address 192.168.193.1 255.255.255.0
The core switch is connected to the ASA inside interface. The ASA inside interface IP is 172.30.30.1, and on the core switch side this port is an access port in VLAN 8, which is
int vlan 8
ip address 172.30.30.2
On the core switch I have a default route to the ASA.
ip route 0.0.0.0 0.0.0.0 172.30.30.1
and on the ASA side
route inside 192.168.193.0 255.255.255.0 172.30.30.2
All of them are OK.
I think that is OK.
On the ASA I have a DMZ zone with these IP addresses:
interface Ethernet0/1
description connect to CoreSW
nameif inside
security-level 100
ip address 172.30.30.1 255.255.255.0 standby 172.30.30.3
interface Ethernet0/2
description DMZ zone connect mail server
nameif DMZ
security-level 50
ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2
My proxy server's inside interface is connected to the ASA DMZ zone with IP address 172.16.10.254, and its outside interface is connected to the ASA outside side, which means it is in the same subnet as the ASA outside interface, which is 10.0.0.254, and then for 10.0.0.254 I do static NAT at the router. I have no problem with NAT translation.
I want my 192.168.193.0 subnet to pass through the proxy when this subnet wants to connect to the internet.
I wrote
static (inside,DMZ) 192.168.193.0 192.168.193.0 netmask 255.255.255.0
and access-list
access-list from_dmz_to_in extended permit ip host 172.16.10.254 any
access-group from_dmz_to_in in interface DMZ
At this point, what happens?
The users cannot access the internet, so what did I do? I entered the proxy server inside IP and default port 3128 in the users' Internet Explorer properties.
Internet Explorer - Tools - Properties - Connection - LAN settings, and it shows 172.16.10.254 and port 3128 there.
My users can connect to the internet when I enter this. When I remove it they cannot connect to the internet,
but I do not want to configure anything on my users' machines. How do I solve this?
After that, one problem occurred.
When my server does an nslookup, it does not work.
I think that is expected, because we have only one port, 3128, open and my server needs UDP 53, so it cannot work.
How do I solve this issue?
As you see, my access-list is fully open, and I did
static (inside,DMZ) 192.168.193.0 192.168.193.0 netmask 255.255.255.0
Is this the wrong proxy connection?
Must I change the proxy server inside interface to another device or another ASA interface?
Thanks.

There are 2 ways the proxy server can work, i.e. either transparent or explicit proxy.
From your explanation, explicit proxy works just fine when you configure the proxy settings on your browser.
The reason why transparent proxy does not work is because:
1) When the user's browser connects to the Internet, the ASA default gateway is via the outside interface, which is why the Internet traffic is not being routed transparently towards your proxy server, which is connected to the DMZ interface.
The static NAT statement configured on the ASA does not perform redirection. If you would like to transparently route the internet traffic towards the proxy server on the DMZ, you would need to route the traffic towards the proxy server. With the current topology that you have, it is not achievable on the ASA. The ASA does not support Policy Based Routing, nor does it support WCCP when the user and the proxy server are on different interfaces.
2) You also need to find out if the proxy server itself supports transparent proxy.
Otherwise, since explicit proxy works, why don't you just push the proxy settings to the browser via Active Directory Group Policy?

Similar Messages

  • Non-global zones and unix sockets

    Hello, I have a problem with local zones and unix socket sharing. I've created directory in global zone for ex. /zones/shared. Added it to zones via 'add fs, type=lofs' . In one zone I'm putting mysql socket in it and I want that other local zones could use it. Is it possible to share socket between zones?
    After all my experiments I'm always getting 'can't connect to mysql ... (146)' , 146 is 'connection refused' error.

    These services are off-line in the non-global zone, which is why none of the
    rc2.d or rc3.d scripts are being run:
    offline Dec_12 svc:/milestone/multi-user-server:default
    offline Dec_12 svc:/milestone/multi-user:default
    Any idea how to enable these, and why they are offline?
    Michael
    Created a non-global zone on a Solaris 10 box.
    Boots up ok and I can login with zlogin.
    It doesn't seem to run any of the scripts in
    /etc/rc2.d or /etc/rc3.d
    I know Solaris 10 uses "Service Management Facility"
    for most services now,
    but could still run legacy scripts in /etc/init.d ?
    Also I can't get sshd to start on the non-global
    zone.
    # svcs -a |grep ssh2
    offline 11:44:58 svc:/network/ssh:default
    # svcadm enable -t svc:/network/ssh:default
    # svcs -a |grep ssh2
    offline 11:44:58 svc:/network/ssh:default
    Anyone got any ideas?
    Michael

  • Give me description about JAVA Proxy Runtime and JAVA Proxy Server

    Give me description about JAVA Proxy Runtime and JAVA Proxy Server with some examples.

    Hi,
    Java proxy runtime :
    Using the Java proxy runtime you can receive messages or send messages to the Integration Server.
    This will help you
    http://help.sap.com/saphelp_nw04/helpdata/en/64/7e5e3c754e476ee10000000a11405a/frameset.htm
    Java proxy server :
    The connection to the Integration Server by using the Java proxy runtime.
    This will help you
    http://help.sap.com/saphelp_nw04/helpdata/en/87/5305adc23540b8ac7bce08dbe96bd5/frameset.htm
    Regards
    Agasthuri Doss

  • HTTPS and a Proxy server?

    Does the plugin-in still not work with HTTPS and a proxy server?
    From plug-in docs -
    "Java Plug-in supports http, ftp, gopher and SOCKS v4 protocols through the proxy server. Currently, Java Plug-in does not support https (SSL). "

    Hello
    I am making HTTPS calls from within my applet code and this works fine using the basic Java Plug-in support for HTTPS.
    This means my code basically does:
    URL url = new URL("https://myhost.com/servlet/Test");
    URLConnection conn = url.openConnection();
    etc..
    We are using Java 1.4.2. I've read in the "How HTTPS Works in Java Plug-in" for 1.3, that the plugin uses the browsers API for making HTTPS connections. Is this still the case for 1.4?
    My basic problem is that it all works fine if the browser is NOT configured to use a proxy server. If a proxy server is configured we get the following Exception in the client:
    java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Request ( The data is invalid. )"
    I have read that "Sun's Java Secure Socket Extension (JSSE) library allows you to access a secure Web server from behind a firewall via proxy tunnelling. However, JSSE expects the proxy's reply to the tunnelling request to begin with "HTTP 1.0"; otherwise, it throws an IOException" (http://www.javaworld.com/javatips/jw-javatip111_p.html)
    The article talks about using the JSSE library but it seems to be assuming the client is an application not an applet.
    How do I use JSSE from within an applet if all the proxy information I seem to need to set in the JSSE code is held by the browser?
    Will JSSE support proxies returning responses beginning HTTP 1.1 in the future?
    Any help on this would be greatly appreciated.
    Many thanks
    mark

  • HTTP tunneling and reverse proxy server

    We're currently using Windows Media Services (WMS) to stream
    video on our website. There is an option WMS to use the HTTP
    protocol and to specify the port you'd like to use. This has
    allowed us to stream video through our external firewall, through
    our reverse proxy server, and through our internal firewall to our
    media server. I've been trying for two days now to get Flash Media
    Server (FMS) to do the same thing. For some reason the HTTP
    tunneling (RTMPT) protocol doesn't appear to be acting like the
    HTTP protocol that WMS is using. Anyone have some tips on this
    configuration. I've scoured web resources and documentation as best
    I could. Any help would be greatly appreciated.
    Thanks.

    To give a better picture, here's a more complete description of set up and goals
    Static IP hits external interface of ASA. ASA has a static nat rule to forward it to my DMZ server.
    DMZ server is running IIS 8. Here are what some of the sites look like.
    jira.xxxxx.com -> 10.1.10.21 (ubuntu server) | port 80
    email.xxxxx.com - > 10.1.10.16 (domain joined server 2012) port 80, 443
    media.xxxxx.com -> 10.1.10.14 (domain joined server 2012) port 80, 443
    other stuff like this -> 10.1.10.x port 80 or others
    All of the A records for those domain names point to the static which routes to the ASA and then is NAT'd to the DMZ server. 
    What do I need to do in IIS to have those sites get directed to the proper internal locations?
    Thanks!!

  • IMAPS and SMTPS proxy server

    Hi,
    I come from Germany. We use Lotus Domino in our enterprise. After evaluating Lotus Ultralite we would like to use an imaps/smtps proxy server for email access.
    Normally we would use a Cisco ASA, but there seems to be a problem/incompatibility with the iPhone Mail client.
    The mail account can be set up on the iPhone and is successfully verified. But when I try to access my mails I only get a "server not found". The debug log on the ASA shows that the imap server reports an error and quits. I can access my mails with other mail clients like Apple Mail on 10.5.
    So I am looking for an alternative. Which proxy server (soft- or hardware) can you recommend?


  • Safari 3.x (Leopard) and Web Proxy Server Problems:

    I have a Squid proxy server running on Linux. Users' web traffic is directed through it via a WPAD server which hosts a simple PAC file. The PAC file is very clean and small. It basically points all external (Internet) web traffic to our Proxy server. All of our Windows, Linux and Tiger clients work fine. However, Leopard (Safari 3.x) doesn't work quite right. Here's what happens:
    Mac user logs into a Leopard 10.5 Mac. User launches Safari and tries to go to an external (Internet) site. The WPAD server is contacted and the Mac User is prompted to authenticate to the Proxy server. This is totally normal behavior thus far. Then, however, every few minutes the Leopard Mac user will be prompted to authenticate again (sometimes 2 or 3 times in a row!). Firefox 2.0.x, when configured to use the WPAD/PAC server and Proxy server, works fine in Leopard. Only Safari 3 in Leopard is having the problem.
    All the Macs (Tiger and Leopard) are configured to use the Proxy server via OS X's Network Pref Pane (using the "Automatic Proxy Configuration"). Reminder: Tiger works fine (even with the Safari betas), but Leopard does not.
    I have attached our PAC file inline below (some things edited for privacy):
    // SIMR automatic configuration for Mozilla and friends
    // $Id: wpad.dat,v 1.8 2005/12/14 20:18:23 dct Exp $
    // Edit carefully, since many may be relying on this...
    function FindProxyForURL(url, host) {
        // Bypass the proxy for internal addresses
        if (!url.match("http:")
            || url.match("http://127.0.")
            || url.match("http://10.")
            || url.match("http://192.168.")
            || isPlainHostName(host))
            return "DIRECT";
        // These are exceptions given in the IE config for Windows.
        if (host == "www.ncbi.nlm.nih.gov"
            || host == "chabry.caltech.edu"
            || host == "flybase.bio.indiana.edu"
            || host == "www.fedex.com"
            || host == "domain.org")
            return "DIRECT";
        // Everything else goes through the proxy
        return "PROXY <proxy server>:8080";
    }

    I think I have a similar problem. I am a Mac connecting to an otherwise all PC school network.
    A new location with all correct proxies has been set up. However, Safari always crashes on first attempt to negotiate its way through our server to the internet. Internet explorer gets through because in its preferences it is possible to include the name of the school domain as well as my user name and password.
    We have been unable to find any way of including the domain name into Location in Network or into Safari.
    However, once Internet Explorer has negotiated with the server I can launch Safari and it works as normal.
    Safari/Network seems to lack this option of including a domain name that my PC server requires.
    Make sense to anyone?
    Worth mentioning that my copy of Internet Explorer (5.2) often crashes, but usually it has done its job by then. I quite like the concept of Internet Explorer sacrificing itself to clear a path for Safari.
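Added example, not part of the original posts: the internal-address bypass from the PAC file above, run under Node.js beside a host-based variant. `String.prototype.match` treats a string argument as an unanchored regular expression, so `url.match("http://10.")` also matches public addresses and any URL that merely contains that text; `hardenedRule`, `parseIPv4`, `isInternalLiteral`, the placeholder proxy name and the sample URLs are constructed for illustration, and the internal ranges (127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16) are an assumption about what the posted prefixes were meant to cover.

```javascript
// Added example; not the poster's code. Node.js has no PAC helpers, so a
// minimal stand-in for isPlainHostName() is defined here.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

// Placeholder proxy (assumption); the post elides the real server name.
var PROXY = "PROXY proxy.example.invalid:8080";

// Internal-address bypass as posted, with the missing ")" restored.
function postedRule(url, host) {
  if (!url.match("http:")
      || url.match("http://127.0.")
      || url.match("http://10.")       // "." is a regex wildcard here
      || url.match("http://192.168.")
      || isPlainHostName(host))
    return "DIRECT";
  return PROXY;
}

// Parse a canonical dotted-quad literal; anything else (names, leading
// zeros, out-of-range octets) yields null and is treated as external.
function parseIPv4(host) {
  var parts = host.split(".");
  if (parts.length !== 4) return null;
  var octets = [];
  for (var i = 0; i < 4; i++) {
    if (!/^(0|[1-9]\d{0,2})$/.test(parts[i])) return null;
    var n = Number(parts[i]);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Assumed internal ranges: 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16.
function isInternalLiteral(host) {
  var o = parseIPv4(host);
  if (!o) return false;
  return o[0] === 127 || o[0] === 10 || (o[0] === 192 && o[1] === 168);
}

// Same policy as the post (only http: is proxied), but the decision is made
// on the parsed host instead of a pattern search over the whole URL.
function hardenedRule(url, host) {
  if (url.substring(0, 5).toLowerCase() !== "http:") return "DIRECT";
  if (isPlainHostName(host) || isInternalLiteral(host)) return "DIRECT";
  return PROXY;
}

// Evaluate both rule sets for one URL, deriving the host the way a browser
// would before calling FindProxyForURL(url, host).
function compare(url) {
  var host = new URL(url).hostname;
  return { posted: postedRule(url, host), hardened: hardenedRule(url, host) };
}

// Constructed sample URLs.
var SAMPLES = [
  "http://10.1.2.3/",                              // internal literal
  "http://intranet/",                              // plain host name
  "http://www.example.com/",                       // ordinary external site
  "http://104.16.0.1/",                            // public IP starting "10"
  "http://192.168x.example.com/",                  // name that looks like a prefix
  "http://www.example.com/?ref=http://10.0.0.1/"   // pattern inside the query
];

SAMPLES.forEach(function (u) {
  var r = compare(u);
  console.log(u + "\n  posted:   " + r.posted + "\n  hardened: " + r.hardened);
});
```

The last three samples are the ones where the two rule sets disagree: the posted patterns send them DIRECT, so they never reach the Squid access controls or logs.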

  • Java Importer and UNIX app server

    Setup: win2000, forms6i, jdk1.2.2
    I have successfully imported a java class (simple one just to give a string message out) on my pc, now I want to move the form to unix app server.
    I installed jdk1.2.2 on unix box in oracle app server account, made sure the path includes jdk1.2.2 path, added classpath variable to include importer.jar and my jar file.
    when the form is executed, It fails with "JAVA error"; no further explanation. I have coded exception block to trap java exception and display error.
    Any other setup required? Do I need to restart app server?
    Any suggestions please.
    Thanks
    Abhay

    1) I am currently using 9iAS version 9.0.2.2.0 (Forms version (9.0.2.11.0). Will this version reuse a single JVM or create one for every user?
    2) I am trying to implement a form with imported Java. I get an exception. I have tried the ORA_JAVA exception and error handling as indicated in the Forms Developer help (importing java.lang.exception) but it does not help. Stepping through the code I see that the generated JNI.GET_CLASS call fails for both my custom class and Exception_. Does this mean the JVM cannot be created? In my default.env file I have added my jar file to the classpath and the path already contained the jre/bin/classic directory. I saw a post about conflicts between the Forms and Reports classpath but I have not called reports when I run into this problem.

  • InPrivate Browsing and a Proxy Server

    Is it possible to have IE8 InPrivate Browsing use a proxy server and not regular IE8 not using the proxy without changing the settings every time I use IPB?

    Hi,
    Thanks for posting in Microsoft TechNet Forum.
    InPrivate Browsing only affects the following items:
    Information: How it is affected by InPrivate Browsing
    Cookies: Kept in memory so pages work correctly, but cleared when you close the browser.
    Temporary Internet Files: Stored on disk so pages work correctly, but deleted when you close the browser.
    Webpage history: This information is not stored.
    Form data and passwords: This information is not stored.
    Anti-phishing cache: Temporary information is encrypted and stored so pages work correctly.
    Address bar and search AutoComplete: This information is not stored.
    Automatic Crash Restore (ACR): ACR can restore when a tab crashes in a session, but if the whole window crashes, data is deleted and the window cannot be restored.
    Document Object Model (DOM) storage: The DOM storage is a kind of "super cookie" web developers can use to retain information. Like regular cookies, they are not kept after the window is closed.
    Based on my knowledge, we cannot use a proxy server separately for InPrivate Browsing.
    Hope it helps.
    Regards,
    Alex Zhao

  • AAD Connect Health and outbound proxy server

    Fired up the Azure AD Connect Health preview on some AD FS 2012 R2 servers today. Installation went fine and the servers show up in the portal, but no data is flowing. Event log shows repeated exceptions trying to connect to:
    https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc/AgentUpdateCheck?tenant=<mytenantguidhere>&env=adfs&productname=Microsoft.Identity.Health.Agent&currentversion=1.0.15022.0
    The machines are on private IP addresses but have a proxy server configured (netsh winhttp set proxy). I'm not seeing any requests hit the proxy log, so I'm guessing the initial install used my IE proxy settings, but the service is not using the system proxy
    config as it should.
    Seems like a bug. Am I doing something wrong?
    Cheers.

    Event 171 from source Monitoring Agent. Not a simple HTTP 403 or 404 error -- the proxy is not being used so the system cannot be reached at all.
    UpdateChecker.ThrottleUpdateInterval;Scheduling next attempt in 5 minutes. Exception: There was no endpoint listening at
    https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc/AgentUpdateCheck?tenant=my-tenant-guid&env=adfs&productname=Microsoft.Identity.Health.Agent&currentversion=1.0.15022.0 that could accept the message. This is often caused
    by an incorrect address or SOAP action. See InnerException, if present, for more details. Unable to connect to the remote server
    System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at
    https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc/AgentUpdateCheck?tenant=my-tenant-guid&env=adfs&productname=Microsoft.Identity.Health.Agent&currentversion=1.0.15022.0 that could accept the message. This is often caused
    by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected
    party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 168.61.179.146:443
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       --- End of inner exception stack trace ---
    Server stack trace:
       at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.Online.KeyAndPolicyService.Contracts.IClientRegistrationManager.CheckForAgentUpdate(String tenantName, String environment, String productName, String currentVersion)
       at Microsoft.Online.Reporting.MonitoringAgent.ClientRegistration.CheckForUpdates()
       at Microsoft.Online.Reporting.MonitoringAgent.UpdateChecker.CheckForUpdates()
       at Microsoft.Online.Reporting.MonitoringAgent.UpdateChecker.CheckForAndApplyUpdates(TimeSpan curUpdateCheckInterval)
       at Microsoft.Online.Reporting.MonitoringAgent.UpdateChecker.RunUpdateChecker(TimeSpan curUpdateCheckInterval)
    There's also event 137 from Monitoring Agent with the same basic issue:
    Agent.DownloadPolicyAndUpdateProcessors;DownloadPolicyFailed:There was no endpoint listening at
    https://policykeyservice.dc.ad.msft.net/policymanager.svc/MonitoringPolicy/my-tenant-guid/adfs that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. Unable to connect
    to the remote server
    System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at
    https://policykeyservice.dc.ad.msft.net/policymanager.svc/MonitoringPolicy/my-tenant-guid/adfs that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException:
    Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to
    respond 168.61.179.146:443
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       --- End of inner exception stack trace ---

  • Elicensing and ISA proxy server

    Hello
    Our organization uses Microsoft ISA server to secure port 80 traffic. If we choose to have Adobe host our licensing service, will this work with ISA? Does it pick up the IE proxy settings, or can you specify this somewhere in the client configuration file?
    thanks Daron

    The license manager component embedded into Acrobat 8 picks up the IE proxy settings, so it should work fine without any settings in the Client Setup file (also known as the configuration file or just Adobeconfig.xml).
    Make sure to follow the instructions in the "Configuring Acrobat 8 with ALM" document to prepare your installation image. The document is available at: http://www.adobe.com/elicensing/licensemanagement/alm/pdfs/ConfiguringAdobeAcrobat8withALM_EN.pdf

  • After auto update from 3.6.3 to 3.6.13, "proxy server refuses connection". I have to uninstall 3.6.13 and install 3.6.3 in order for it to work again.

    I have been very satisfied with Mozilla Firefox until recently. I have Firefox 3.6.3. Every time a box appears with "installing updates" it installs updates, then the screen goes to "problem loading page" and "the proxy server is refusing connections". The only way I can get internet access is to go to "control panel", then "add or remove programs", then I have to "uninstall mozilla firefox 3.6.13". Then I click on my "Firefox Setup 3.6.3", and I install that version. Once I do that, everything works fine again. It is such a headache because I can't prevent the "installing updates" from happening and once it happens, it does not work, as described above.
    Any thoughts???????
    Russ Carlson ''moderator removed email address and cellphone number''

    I have this problem also.
    Can't bring up the Hotmail screen.
    I am looking for a simple way to
    get rid of 3.6.13.
    I tried restoring to a point
    before the Dec 10 upgrade but when system
    restored Firefox was still 3.6.13
    I guess I will have to abandon MOZILLA FIREFOX
    and start using MICROSOFT IE

  • Setting multiple R12 iModules on same external tier which is in DMZ Zone

    Experts,
    Could some one guide me on how to setup more than one iModules on same external tier which is in DMZ Zone.
    We have already setup iStore and its working fine.
    Now we would like to extend it to other modules like : iPayables, iReceivables and iRecruitment.
    Our current setup is :
    Whenever external users try to access iStore : https://iStore.domain.com, It reaches F5 Load Balancer using SSL Port 443.
    LB has the redirection rule setup to http://hostname.internal.domain.com:8000, with the help of 8000 port the requests reaches External Web Tier in DMZ Zone and gets served.
    If we need to deploy/enable another iModules, how the setup needs to be served.
    We referred the Metalink Note: 380490.1 for iStore setup.
    Please advise as I am new to these external web tier setup.
    Regards,
    RR.

    >
    Yes, We have un-commented and written the rule as below for iStore as per the Metalink note.
    RewriteRule ^/$ https://iStore.domain.com/OA_HTML/ibeCZzpHome.jsp [R,L]
    However I am worried more about the defining routing rules in the reverse proxy:
    as of now F5 mapping has -- https://iStore.domain.com:443 -> http://hostname.internal.domain.com:8000
    Would it fine if we write the mapping as https://iStore.domain.com:443 -> http://hostname.internal.domain.com:8002
    Apologies if my understanding is wrong, as updated I am new to this external tier setups.
    Regards,
    RR.
    >
    Hi,
    From your reverse proxy server setting it looks like you are planning on using module name in the url (i.e. https://iStore.domain.com:443) - in my case
    what I did was I used a more generic url (e.g. https://sswa.domain.com - sswa meaning self service web apps) that way my url was not dependent upon a particular
    module from the reverse proxy server. Since you mentioned change of port from 8000 (port pool zero) to 8002 (port pool two) - were you using
    port 8000 and now planning on changing
    your port on the system where you were already running iStore or is this for a non production/test system?
    Hope this helps :-)
    Regards,

  • WAS or Dialog instance in DMZ zone

    Hello All,
    Please clarify by answering the following question.
    I plan to use the erecruiting functionality without a Portal system and plan to use this functionality outside the intranet. (Note: not planning to move the back-end system to the DMZ zone.)
    So kindly give me your valuable suggestions.
    The options we have are:
    1. Installing the WAS 7.00 engine in the DMZ zone and using this ICM in the erecruiting system (back end) by changing the ICM host parameter
    2. Installing a Dialog Instance, placed in the DMZ zone, to which all erecruiting requests will be sent.
    Will the above 2 options work for my case? Looking for your suggestions.
    Vijay

    hi,
    to install an application server in DMZ, confirm that you will get the port 445 open.
    The TCP port 445 is required to access the sapmnt directory, which contains "SAP profiles".
    or,
    alternative you place an application server lan which will communicate to CI and reverse proxy server (in DMZ)
    request flow:
    Internet>reverse proxy->application server--->Database server.
    -gokul

  • Basic auth in proxy server breaks managed server form auth

    Hi,
    I have a proxy server configured in front of 2 managed servers.
    The managed servers have secure pages and are using form auth and the
    proxy server is working properly. In other words, I point my browser
    at the proxy and I end up being serviced by one of the managed servers.
    If I attempt to access a secure page via the proxy I am sent to the form
    login page via the proxy.
    Now for the problem:
    If I configure the proxy server to use basic auth, and secure all
    pages in the proxy, I must provide my userid/password to the proxy
    server (this is working fine) before I can get to one of the managed
    servers. I can get to the welcome page of the managed server (which is
    not secure) There is a link to a secure page on the welcome page. When
    I click on the link to the secure page, I am sent to the form auth by
    the managed server. I authenticate, but I can never see the secure
    page. I end up being redirected to the form login page endlessly.
    Both the proxy server and the managed server are using the default
    JSESSIONID.
    Here is a section of the web.xml for the proxy server:
    <servlet>
      <servlet-name>HttpClusterServlet</servlet-name>
      <servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
      <init-param>
        <param-name>WebLogicCluster</param-name>
        <param-value>${ProxyConfig}</param-value>
      </init-param>
      <init-param>
        <param-name>SecureProxy</param-name>
        <param-value>ON</param-value>
      </init-param>
      <init-param>
        <param-name>Debug</param-name>
        <param-value>ON</param-value>
      </init-param>
      <init-param>
        <param-name>DebugConfigInfo</param-name>
        <param-value>ON</param-value>
      </init-param>
      <init-param>
        <param-name>CookieName</param-name>
        <param-value>JSESSIONID</param-value>
      </init-param>
      <init-param>
        <param-name>CookieName</param-name>
        <param-value>wlauthcookie_</param-value>
      </init-param>
    </servlet>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>gcmgui/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>applauncher/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>ssoadmin/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>default/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>domainadmin/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>gsc/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>psr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>broadcastclient/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>HttpClusterServlet</servlet-name>
      <url-pattern>nra/*</url-pattern>
    </servlet-mapping>
    Here is the proxy debug:
    <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/jsp/AppLauncher.jsp HTTP/1.1
    <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
    <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server -213061352!10.68.10.87!1080!10443
    <Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: Create connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
    <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
    <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; H010818)
    <Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
    <Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
    <Fri Jul 11 14:40:07 EDT 2003>: Cookie: JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE; wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
    <Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic cmFwcGVsYmE6b3V0Mmx1bmNo
    <Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
    <Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
    <Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
    <Fri Jul 11 14:40:07 EDT 2003>: Location: https://localhost:18002/applauncher/unrestricted/jsp/FormLogin.jsp
    <Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1 Thu Mar 20 23:06:05 PST 2003 246620
    <Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
    <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/unrestricted/jsp/FormLogin.jsp HTTP/1.1
    <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
    <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server -213061352!10.68.10.87!1080!10443
    <Fri Jul 11 14:40:07 EDT 2003>: Requeue connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: Recycle connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
    <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
    <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; H010818)
    <Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
    <Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
    <Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic cmFwcGVsYmE6b3V0Mmx1bmNo
    <Fri Jul 11 14:40:08 EDT 2003>: Cookie: JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
    <Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
    <Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
    <Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
    <Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1 Thu Mar 20 23:06:05 PST 2003 246620
    <Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
    <Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie: JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1VkdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
    <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:08 EDT 2003>: Requeue connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    Thanks,
    Rob
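
An added example (not from the original post and not WebLogic code): Python that groups HttpClusterServlet debug lines per request and compares the server hash embedded in the JSESSIONID the browser sent with the backend the proxy selected. It assumes the `sessionid!hash!secondary` cookie layout visible in the log above; the function names, finding labels and placeholder session IDs in the sample are constructed for illustration.

```python
import re

# Constructed sample: unwrapped lines modelled on the proxy debug output in the
# post, with session IDs and auth tokens replaced by placeholders.
SAMPLE_LOG = """\
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/jsp/AppLauncher.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server -213061352!10.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Cookie: JSESSIONID=SESSION_A!-213061352!NONE; wlauthcookie_=TOKEN_A
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/unrestricted/jsp/FormLogin.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server -213061352!10.68.10.87!1080!10443
<Fri Jul 11 14:40:08 EDT 2003>: Cookie: JSESSIONID=SESSION_B!-937872307; wlauthcookie_=TOKEN_B
<Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie: JSESSIONID=SESSION_C!-213061352!NONE; path=/
"""

LINE = re.compile(r"^<[^>]+>: (.*)$", re.M)
# Assumption: the field after the first '!' is the hash of the owning server.
JSESSION = re.compile(r"JSESSIONID=[^!;\s]+!([^!;\s]+)")

def server_hash(msg):
    """Server hash carried in a JSESSIONID cookie value, or None if absent."""
    m = JSESSION.search(msg)
    return m.group(1) if m else None

def parse_requests(log):
    """Group debug lines into one record per '===New Request===' marker."""
    requests = []
    for msg in LINE.findall(log):
        if msg.startswith("===New Request==="):
            path = msg.split("===")[-1].split()[1]
            requests.append(dict(path=path, backend=None, sent=None, reissued=None))
        elif not requests:
            continue
        elif msg.startswith("#### Trying to connect with server"):
            requests[-1]["backend"] = msg.split()[-1].split("!")[0]
        elif msg.startswith("Cookie:"):
            requests[-1]["sent"] = server_hash(msg)
        elif msg.startswith("Set-Cookie:"):
            requests[-1]["reissued"] = server_hash(msg)
    return requests

def affinity_findings(requests):
    """Flag requests whose session cookie does not match the chosen backend."""
    findings = []
    for r in requests:
        if r["sent"] and r["backend"] and r["sent"] != r["backend"]:
            findings.append((r["path"], "cookie-names-other-server"))
        if r["sent"] and r["reissued"]:
            findings.append((r["path"], "session-replaced"))
    return findings
```

In the posted log, the FormLogin.jsp request carries a JSESSIONID ending in `-937872307` while the proxy connects to backend `-213061352`, and the backend responds with a new `Set-Cookie: JSESSIONID`; both conditions are what the two finding labels report.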

    I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.
