HTTP failed - Transparent web proxy
Hello,
I developped an application with Flex 3 B1, it works at my
home but when I tried it in my office I have this type of message
sometime
code:
Channel.Call.Failed
Message:
error
Detail:
NetConnection.Call.Failed: HTTP: Failed
Sometime the application works, sometime not... I think this
is a web proxy problem. I called the person in charge of this and
for him some program cannot works with a transparent proxy.
Somebody have the same problem ?
Best regards,
Marc
Thank you Ken for you whitepaper.
I read the configuration and it is mentioned that the IronPort and clients are not on the same interface (segment). I also read that the IronPort Appliance and clients must be on the same ASA interface to avoid passing trough the ASA itself again.
Which of these two is right ?
In my architecture I'm not able to set the IronPort on the same interface as clients (2 differents interfaces and subnet).
I attached a document explaining the architecture
My bad I saw that the WSA and clients are on the same ASA interface in the inside networks. Still, in my configuration is it possible to enable WCCP ?
I also so that it is possible to implement a route-map which perfrom PBR by changing the next-hop ip for specific traffic but this function is not avalaible on ASA as i heard. Can anyone confirm that ?
Ce message a été modifié par: Maxime GERGES
Similar Messages
-
Flex 3 - AMFPHP - Transparent Web Proxy
Hello,
I developed a Flex3 application with AMFPHP to communicate
with PHP. At home no problem everything work but when I try to my
office I have this type of error sometime :
code:
Channel.Call.Failed
Message:
error
Detail:
NetConnection.Call.Failed: HTTP: Failed
I checked with the administor and this is an error with the
transparent web proxy. (I work under MacOsX)
I don't know if I can specify the proxy configuration
somewhere. Please find below my service configuration file :
<services-config>
<services>
<service id="amfphp-flashremoting-service"
class="flex.messaging.services.RemotingService"
messageTypes="flex.messaging.messages.RemotingMessage">
<destination id="amfphp">
<channels>
<channel ref="my-amfphp"/>
</channels>
<properties>
<source>*</source>
</properties>
</destination>
</service>
</services>
<channels>
<channel-definition id="my-amfphp"
class="mx.messaging.channels.AMFChannel">
<endpoint uri="
http://www..nouveausens.fr/Services/gateway.php"
class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
</channels>
</services-config>
Someone had this problem ? or can help me ?
Thanks a lot,
Marcmaybe because
http://www..nouveausens.fr/Services/gateway.php
has 2 points after
http://www. :-) -
Flex - AMFPHP - Transparent Web Proxy
Hello,
I developed a Flex3 application with AMFPHP to communicate
with PHP. At home no problem everything work but when I try to my
office I have this type of error sometime :
code:
Channel.Call.Failed
Message:
error
Detail:
NetConnection.Call.Failed: HTTP: Failed
I checked with the administor and this is an error with the
transparent web proxy. (I work under MacOsX)
I don't know if I can specify the proxy configuration
somewhere. Please find below my service configuration file :
<services-config>
<services>
<service id="amfphp-flashremoting-service"
class="flex.messaging.services.RemotingService"
messageTypes="flex.messaging.messages.RemotingMessage">
<destination id="amfphp">
<channels>
<channel ref="my-amfphp"/>
</channels>
<properties>
<source>*</source>
</properties>
</destination>
</service>
</services>
<channels>
<channel-definition id="my-amfphp"
class="mx.messaging.channels.AMFChannel">
<endpoint uri="
http://www..nouveausens.fr/Services/gateway.php"
class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
</channels>
</services-config>
Someone had this problem ? or can help me ?
Thanks a lot,
Marcmaybe because
http://www..nouveausens.fr/Services/gateway.php
has 2 points after
http://www. :-) -
Cisco WSA : Is it possible to use web proxy in transparent mode without WCCP router ?
Hello !
I would like to use Cisco WSA as a web proxy in a transparent way (without any configuration in client's web browsers) but i don't have a WCCP router. So, is it possible ?
If yes, how to do this ?
Thank you,
Stephane WalkerHi Stephane
The only alternative to WCCP is PBR (Policy Based Routing). With a simple configuration on the router you can redirect traffic defined as interesting by access list to WSA. On the WSA you need to configure transparent mode (Security Services -> Web Proxy -> Edit Settings -> Proxy Mode: Transparent). You also need to assure that proxy is listening on the port 80 and that HTTPS proxy is enabled (on port 443) if you want to redirect the HTTPS traffic as well.
Sample configuration for Cisco router
access-list 110 permit tcp any any eq www
route-map proxy-redirect permit 10
match ip address 110
set ip next-hop xxx.xxx.xxx.xxx
interface ethernet0/1
ip policy route-map proxy-redirect
xxx.xxx.xxx.xxx is the proxy IP in such case and access-list 110 defines web traffic (HTTP TCP/80) as interesting.
The biggest disadvantage of such solution is lack of failure detection. If the proxy will go down for some reason router will keep redirecting the traffic causing internet access outage.
Routers other than Cisco equipment should also have an option to configure policy based routing.
/Artur
Ps. It's not possible to place the WSA in-line between clients and the internet. -
Steps to enable Web Proxy for https
I have an S160 WSA and want to enable the Web service for http and https. I am using transparent mode with WCCP.
This is part of the router configuration:
ACL:
access-list 110 permit tcp 192.168.80.0 0.0.7.255 any eq 80
access-list 120 permit tcp 192.168.80.0 0.0.7.255 any eq 443
ip wccp 97 redirect-list 110
ip wccp 98 redirect-list 120
interface FastEthernet0/0.380
ip wccp 97 redirect in
ip wccp 98 redirect in
It is the same configuration for http and for https, but only http traffic is working. When I see the logs in the WSA, it looks like accepted connections for https.
In Security Services -> Web Proxy it is enabled, when I put the port 443, I get an https error in the end user laptop; when I dont, it keeps trying and I get a timeout.
I tried enabling https proxy but some sites (as gmail), wont work with self-generated certificates.
Would you please, list me the steps to enable Proxy services for https.
Thanks!!!
Sergio L.Hi Sergio,
When WSA is configured as transparent proxy, it also accepts explitcit connections. So in order to test HTTPS proxy, you can configure client browser to explicitly use WSA as proxy and see if it is working before testing in transparent mode.
When WSA is used as HTTPS proxy, it uses its self-generated certificate to encrypt the connection between itself and the client browser. Since this certificate is not trusted by browser, it'll throw SSL certificate error when connecting via WSA. In order to get rid of this error, download the self-generated certificate from WSA and install it in your browser as a trusted certificate. That should resolve SSL issue with gmail also.
Hope this helps.
Thanks,
Chetan -
Help! I was cruzing along just fine and went out tonight only to receive the message above:
Cannot open Page
Safari cannot open the page
The error was: "There was a problem communicating with the web proxy server (HTTP)."
I have had all the Apple iPhone phone. Have never encountered anything like this.
All systems are GO as soon as I log on to wifi.
Can anyone help, please.I am also fixed. I also loaded Onavo, but that was the other day ... this is what I did with the help of online chat with AT&T ...
I went to:
Settings
Wifi
I selected the network I was working on by hitting the blue arrow located on right side
At the detail page of that network I scolled down to the bottom to find HTTP Proxy boxes
I was on Off and changed it to Auto and it worked!
I was soo jazzed!!
Instructions said if it was already on AUTO, to change it to Manual and make your Port = 80 but I didn't have to do that!
YIPPIE!! I'm a new man!!
Go to settings -----> WI-FI -----> select the network you're using ------> hit the blue arrow located on the right-side of the network name (ie: show details of that network), this takes you to another page.
--------> at the bottom of the page you'll see "HTTP Proxy" boxes (located below the "renew lease" button) ---------------> change the proxy to AUTO. Note: if you're already at AUTO, change it to "Manual" and make your Port = 80. -
SNMP monitoring of Web Proxy server fails
The MIB (...private.enerprises.netscape.http...) that should be provided by the proxy sub agent is not available.
The Web proxy SNMP sub agent (ns-proxyagt) terminate its SMUX connection with the master agent (magt) when a SNMP GET is sent from a NMS system.
The agent starts and register itself as a peer as it seems correctly (smuxTreeTable/smuxTsubTree)
but when it recieves a GET request on a entry that should be provided by the sub agent MIB, the peer entries are removed and the TCP connection goes to CLOSE_WAIT. Both the master agent and the sub agent continues to run.
The system is runing on:
Solaris 9
Sun ONE Web Proxy server / version 3.6 SP3I don't have a fix for you, but I have seen this before on my devices running SP6 also.
What i have taken up doing is restarting the master and subagent via cron every two hours. -
17:06:13 Synchronizer Version 14.0.6123
17:06:13 Synchronizing Mailbox '[email protected]'
17:06:13 Synchronizing Hierarchy
17:06:13 4 folder(s) added to online store
17:06:13 1 folder(s) updated in online store
17:06:13 Synchronizing local changes in folder 'Inbox'
17:06:13 Error synchronizing folder
17:06:13 [80041004-0-0-430]
17:06:13 Error with Send/Receive.
17:06:13 There was an error synchronizing your folder hierarchy. Error : 80041004.
17:06:13 Synchronizing server changes in folder 'Calendar'
17:06:13 Synchronizing server changes in folder 'Contacts'
17:06:13
17:06:13
*Request*
17:06:13 17:06:13:0590
17:06:13 POST
17:06:13 http://
17:06:13 contacts.msn.com
17:06:13 /ABService/ABService.asmx
17:06:13
17:06:13 <ABFindAll xmlns="http://www.msn.com/webservices/AddressBook"> <abId>00000000-0000-0000-0000-000000000000</abId><abView>Full</abView><deltasOnly>false</deltasOnly></ABFindAll>
17:06:13
*Response*
17:06:13 17:06:13:0870
17:06:13 HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
Via: 1.1 TMG
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 707
17:06:13
17:06:13
17:06:13
17:06:13 Error with Send/Receive.
17:06:13 There was an error synchronizing a contacts folder. Error : 80004005.
17:06:13 Synchronizing server changes in folder 'Drafts'
17:06:13 Synchronizing local changes in folder 'Inbox'
17:06:13 Error synchronizing folder
17:06:13 [80041004-0-0-430]
17:06:13 Synchronizing server changes in folder 'Sent Items'
17:06:13 Synchronizing server changes in folder 'Deleted Items'
17:06:13 Synchronizing server changes in folder 'Junk E-mail'
17:06:13 Done
17:06:13
17:06:13
*Request*
17:06:13 17:06:13:0870
17:06:13 POST
17:06:13 http://
17:06:13 mail.services.live.com
17:06:13 /DeltaSync_v2.0.0/Settings.aspx
17:06:13
17:06:13 <?xml version="1.0" encoding="utf-8"?><Settings xmlns="HMSETTINGS:"><ServiceSettings><SafetySchemaVersion>1</SafetySchemaVersion><SafetyLevelRules><GetVersion/></SafetyLevelRules><SafetyActions><GetVersion/></SafetyActions><Properties><Get/></Properties></ServiceSettings><AccountSettings><Get><Options/><Properties/></Get></AccountSettings></Settings>
17:06:13
*Response*
17:06:13 17:06:13:0870
17:06:13 HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
Via: 1.1 TMG
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 707
17:06:13
17:06:13Hi,
According to the log, it seems that TMG firewall denied the request and replied with an HTTP 407 response, indicating that proxy authentication was required. This was done because the Forefront TMG firewall did not have any access rules which would allow
the anonymous request. Please check if you have configured related access rules.
When did you recieve this log? Is there anyting wrong? Which authentication method you have used, Kerberos, NTLM or other?
It seems that each time a web proxy client requests a resource through a Forefront TMG firewall that requires NTLM authentication the client is actually denied twice during the transaction before being successfully authenticated and allowed access. When
the Forefront TMG firewall is configured to use Kerberos there is only a single denied request and HTTP 407 response and then contact a domain controller and obtain a Kerberos ticket to present to the TMG firewall to gain access to the resource.
If you configured the TMG clients with a certain proxy name, please make sure you typed the TMG's domain computer name only (not IP address nor alias).
Best regards,
Susie -
Http web proxy doesn't work after iOS 8.0 upgrade
Hi ,
I upgraded my ipad air to ios 8. But after this change I am not able to connect to any web site through http web proxy. I think this has to be related io8 specifaciton.
Please let me know any solution for this.
Regards ,
GokhanEver since the iOS 8.0.2 update my iphone 4 will not update any of my apps. I have 12 apps stuck on updates. Is anyone listening at Apple?
-
Safari can't connect to the web proxy server (HTTP)
Hello,
I have following problem. I need to connect to the internet using a proxy server. I went to System Preferences/Network/Wi-Fi/Advanced.../Proxies. Then, I selected Web Proxy (HTTP) and enetered server's IP address and port. It looks like I did everything correctly, but Safary can't open any page because "Safari can't connect to the web proxy server (HTTP)". Does anyone know how to solve this problem?There are three possibilities:
1. You entered the wrong address and port number for the proxy.
2. You entered the wrong user name and password, if applicable.
3. The proxy doesn't work or is incompatible. -
Setting up Web Proxy (HTTP) in Terminal
I am wondering if there is a way to set up the Web Proxy password in Terminal. Every time I try to do this in System Preferences the application crashes and the old password remains unchanged. Would be grateful for any help.
it
might be a good idea to reboot after deleting the
plist file. You didn't say you tried that.
Deletedthe plist file again, rebooted, changed the web proxy password, System Preferences crashed. I am at Square One.
Also, look in /var/log/System.log to see if there is
any information about why the crash happened.
What should I look for in the system log file? It is rather lengthy. Please advise. Do you think a regular IT guy could be of any help? Or is it so Mac-specific that our internal IT support people may not decipher? -
HTTPS with Applet over Proxy Issue
An applet using HttpURLConnection within a Java Applet. The Connection is formulated as follows:
HttpURLConnection urlConn = (HttpURLConnection)destURL
.openConnection( );
urlConn.setDoOutput( true );
urlConn.setDoInput( true );
urlConn.setUseCaches( false );
urlConn.setAllowUserInteraction( false );
urlConn.setRequestProperty( "Content-type","multipart/form-data" );
urlConn.setRequestProperty( "Content-length","" + parameters.length( );This works fine with numerous proxy servers and other network
topologies, except one. The issue I am told occurs when we are trying to
connect over https. For background, my understanding is this causes the Java Plug-in to :
* invoke the http CONNECT command
* wait for the 200 OK indicating that the secure tunnel is established
* then send the request securely.
Doing a packet trace shows that the headers set in the code are
actually being included with the CONNECT. However the Java Plug
(1.4.2_06) does not sent the body with the CONNECT. I am told this
causes the proxy to wait for an entity that never arrives, because, on
the other end, the plug-in is waiting for 200 OK. After 8 secs the
plug-in resets the connection and fails.
Packet traces on other proxies show the same content-length header being
included, but they decide ignore it. From Googling I note some folks
claim that this is expected, because CONNECT is non-entity enclosing.
Doc's are scant on the CONNECT command. In some cases they seem to imply
that no data should go with the CONNECT (making it non-entity
enclosing), but later they state it supports data-pipelining, making the
content-length relevant, as the CONNECT may well contain an entity.
Moreover, is the intent of Applet Framework to insulate the programmer
from having to worry about issues like this? For example this Applet can
and does connect to a myriad of HTTP/1.1 or 1.0 server through a proxy
or not; in the case of no proxy or non secure proxy, the content-length
header is valid as the request goes out in one go with associated
headers. So writing the code as above, does not seem to be inherently
flawed, IMO. <-- And that is a question too :).
I note there is an isProxy() method, but this can only be determined
after connection (obviously) and parameters cannot be changed once the
connection is made. So creating a dummy connection first is possible I
suppose, but it seems a slippery slope to start coding for exceptions
like this, unless absolutely necessary.
On the face of it, it could be argued that this appears to be a bug in
the plug-in but with very little hits in google I am doubtful. To that
end, does anyone have any thoughts or experience with either working
around the problem (it would seem to be a pity to have to have a setting
per client), or whether in fact this proxy server is being too draconian
in its interpretation.
Thanks in advance,
Gary
Refs:
RFC2616
http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txtPardon my ignorance about proxies, but how do you tell the plug-in that there is a proxy in between you and the destination?
The reason I ask is because with the https protocol, the first thing that happens is that an SSL connection is set up between the endpoints, and only after, through this secure tunnel, is the GET request or whatever sent. The proxy never gets to see any of the HTTP headers. -
Help - cannot access web service outside web proxy
I'm trying to access a public web service - and web proxy stops me from doing it.
Here is my code:
package test;
import java.rmi.RemoteException;
import javax.xml.rpc.ServiceException;
import net.webservicex.www.WeatherForecastLocator;
import net.webservicex.www.WeatherForecastSoap;
import net.webservicex.www.WeatherForecastSoapStub;
import net.webservicex.www.WeatherForecasts;
import java.net.*;
import java.io.*;
public class TestOutput {
public static void main(String[] args) {
initialiseConfiguration();
printForecast();
public static void initialiseConfiguration() {
System.setProperty("http.proxySet", "true");
System.setProperty("http.proxyHost", "proxyserver");
System.setProperty("http.proxyPort", "8080");
System.setProperty("http.proxyUser", "userid");
System.setProperty("http.proxyPassword", "password");
public static void printForecast() {
try {
WeatherForecastLocator wfl = new WeatherForecastLocator();
WeatherForecastSoap wfs = wfl.getWeatherForecastSoap();
WeatherForecasts forecasts = wfs.GetWeatherByZipCode("90210");
} catch (Exception e) {
e.printStackTrace();
}Here, I was using the test web service located in www.webservicex.net/WeatherForecast.asmx
I've created stubs using Eclipse (package net.webservicex.www) in another project, compiled into a jar, and imported into the test project.
The test is working beautifully from my home. It's failing in the office with the error:
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (407)Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
faultActor:
faultNode:
faultDetail:
{}:return code: 407
It's failing when it's trying to execute
WeatherForecasts forecasts = wfs.GetWeatherByZipCode("90210");
The "initialiseConfiguration" function is doing its job OK - it's actually helping me to go through the proxy - if I'm doing simple stuff like accessing internet sites. I've tested it - I can get to any external site and read from it. The moment I disable "initialiseConfiguration", I can't get through the proxy.
So, probably, the problem lies in the web services client classes generated by Eclipse and based on axis. Maybe, the code gets through the proxy, but then starts to do something without authentication??? (I'm not sure if it's possible at all, but who knows...)
I've read a lot of postings on this subject and couldn't find a solution that would work for me. I'm very surprised, because my situation is very common - there are more and more public web services, and most organisations have firewalls. Obviously, I'm making some very elementary mistake.
Please helpWe have the same problem, not with SOAP but with XML-RPC (err 407). We're still stumped, and i agree that the problem should be common, but i don't see the mistake, so it's not that obvious.
Hypothesis: the proxy is spying on the requests content , and filtering out xml. Can you check that ?
Message was edited by:
idiallo -
Socks services errors in web proxy server
Using SunOne web proxy server 3.6+sp1, the socks service frequently out of service. Sometime its process is still alive , but can't response the client request; sometime the process is gone! The following is the errors log:
[25/Oct/2002:11:18:06] 8269 debug: io_loop: killing tunnel after rollover, lastactivity == 1966619898,PR_IntervalNow says 2026622109
[25/Oct/2002:11:20:31] 8269 debug: io_loop: killing tunnel after rollover, lastactivity == 1981101717,PR_IntervalNow says 2041102282
[25/Oct/2002:11:20:48] 754 error: unknown request type 0x47 from 10.160.8.159:30 83
[25/Oct/2002:11:41:07] 14946 debug: ACCEPT RETURNED NULL! io_total = 63 dead =-1
Any infomation is welcome!what's the software name of socks? how i can download it?
you mean it's not good?
And the following is the issue in detail:
The socks service frequently out of service. Sometime its process is still alive , but
can't response the client request; sometime the process is gone.It occurs once a
day, and after restart, its go away. And the last issue about must reconnect the gameroom
is gone now, and was identified as the network's problem.
mangus.conf:
#ServerRoot /iPlanet/proxy/proxy-proxy-proxy
ServerName proxy
ServerID proxy-proxy
Address 10.160.1.14
Port 8080
User root
LoadObjects obj.conf
RootObject default
ErrorLog /iPlanet/proxy/proxy-proxy-proxy/logs/errors
LDAPConnPool 5
SearchDepth 30
Dyngroups ON
SearchTimeLimit 30
BindTimeLimit 15
LdapCheckUp 30
CertificateChecking OFF
PidLog /iPlanet/proxy/proxy-proxy-proxy/logs/pid
MaxProcs 1024
ProcessLife 128
DNS on
Security off
Ciphers rc4,rc4export,+rc2,+rc2export,+des,+desede3
SSL3Ciphers
rsa_rc4_128_md5,rsa_3des_sha,+rsa_des_sha,+rsa_rc4_40_md5,+rsa_rc2_40
md5,-rsanull_md5
ACLFile /iPlanet/proxy/httpacl/generated.proxy-proxy-proxy.acl
obj.conf
# Netscape Communications Corporation - obj.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
Init funcs="icp-init,icp-route" shlib="/iPlanet/proxy/plugins/icp/icp.so" fn="load-
modules"
Init funcs="pa-init-proxy-array,pa-init-parent-array,pa-enforce-internal-routing,pa-set-
parent-route,pa-set-member-status"
shlib="/iPlanet/proxy/plugins/parray/parray.so" fn="load-modules"
Init fn="load-types" mime-types="mime.types"
Init access="/iPlanet/proxy/proxy-proxy-proxy/logs/access" format.access="%
Ses->client.ip% - %Req->vars.pauth-user% [%SYSDATE%] \"%Req->reqpb.proxy-
request%\" %Req->srvhdrs.clf-status% %Req->vars.p2c-cl%" fn="flex-init"
Init fn="init-proxy" timeout="300" timeout-2="15"
Init fn="init-dns-cache" status="on" dir="/tmp" semas="4" size="4096"
expire="28800"
Init fn="init-cache" status="on" ndirs="256" dir="/iPlanet/proxy/cache"
Init fn="init-partition" status="on" name="p1" dir="/iPlanet/proxy/cache/p1" max-
size="8000" min-avail="5"
Init status="on" dir="/iPlanet/proxy/cache/p2" name="p2" max-size="8000" min-
avail="5" fn="init-partition"
Init status="on" dir="/iPlanet/proxy/cache/p3" name="p3" max-size="8000" min-
avail="5" fn="init-partition"
Init status="on" dir="/iPlanet/proxy/cache/p4" name="p4" max-size="8000" min-
avail="5" fn="init-partition"
Init status="on" dir="/iPlanet/proxy/cache/p5" name="p5" max-size="8000" min-
avail="5" fn="init-partition"
Init status="on" dir="/iPlanet/proxy/cache/p6" name="p6" max-size="8000" min-
avail="5" fn="init-partition"
Init status="on" dir="/iPlanet/proxy/cache/p7" name="p7" max-size="8000" min-
avail="5" fn="init-partition"
Init status="on" dir="/iPlanet/proxy/cache/p8" name="p8" max-size="8000" min-
avail="5" fn="init-partition"
Init fn="init-urldb" status="on" dir="/iPlanet/proxy/cache/urldb"
Init fn="init-batch-update" status="off" dir="/tmp" conf-file="bu.conf"
Init status="on" dir="/tmp" hash-size="17191" table-size="85955" expire="3600"
fn="init-pauth-cache"
Init config_file="icp.conf" status="off" fn="icp-init"
Init set-status-fn="pa-set-member-status" file="/iPlanet/proxy/proxy-proxy-
proxy/config/parray.pat" status="off" fn="pa-init-proxy-array"
Init set-status-fn="pa-set-member-status" file="/iPlanet/proxy/proxy-proxy-
proxy/config/parent.pat" status="off" fn="pa-init-parent-array"
<Object name="default">
NameTrans fn="map" from="file:" to="ftp:" cont="yes"
NameTrans fn="pfx2dir" from="/ns-icons" dir="/iPlanet/proxy/ns-icons" name="file"
NameTrans fn="pac-map" from="/" to="/iPlanet/proxy/proxy-proxy-
proxy/pac/proxy.pac" name="file"
PathCheck fn="url-check"
PathCheck fn="check-acl" acl="proxy-proxy-proxy_formgen-READ-ACL_deny-
5619"
PathCheck fn="check-acl" acl="proxy-proxy-proxy_formgen-WRITE-ACL_deny-
5619"
Service fn="deny-service"
AddLog fn="flex-log" name="access" iponly="1"
AddLog fn="urldb-record"
</Object>
<Object name="file">
PathCheck fn="unix-uri-clean"
PathCheck fn="find-index" index-names="index.html"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service fn="send-file"
</Object>
<Object ppath="ftp://.*">
ObjectType fn="cache-enable"
ObjectType fn="cache-setting" max-uncheck="21600"
Service fn="proxy-retrieve"
</Object>
<Object ppath="http://.*">
ObjectType fn="cache-enable"
ObjectType fn="cache-setting" max-uncheck="7200" lm-factor="0.100"
Service fn="proxy-retrieve"
</Object>
<Object ppath="https://.*">
Service fn="proxy-retrieve"
</Object>
<Object ppath="gopher://.*">
ObjectType fn="cache-enable"
ObjectType fn="cache-setting" max-uncheck="14400"
Service fn="proxy-retrieve"
</Object>
<Object ppath="connect://.*:443">
Service fn="connect" method="CONNECT"
</Object>
<Object ppath="connect://.*:563">
Service fn="connect" method="CONNECT"
</Object>
socks5.conf
# Netscape Communications Corporation - socks5.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
auth 10.160.0.0/255.255.224.0 - -
auth - - u
permit u,- - - - - - -
set SOCKS5_BINDPORT 1080
set SOCKS5_LOGFILE /iPlanet/proxy/proxy-proxy-proxy/logs/socks5.log
set SOCKS5_DEBUG 1
set SOCKS5_WORKERS 100
set SOCKS5_ACCEPTS 5
set SOCKS5_NOIDENT
set SOCKS5_NOREVERSEMAP
socks5.log
[19/Nov/2002:11:31:14] 830 debug: request from 10.162.169.176:2305
[19/Nov/2002:11:31:15] 830 debug: auth: userpass
[19/Nov/2002:11:31:15] 830 debug: authentication type 2 successful for hs
[19/Nov/2002:11:31:15] 830 debug: request 1 to jason314.3322.org:21
[19/Nov/2002:11:31:15] 830 request: hs 5 connect: ok 10.162.169.176:2305 ->
jason314.3322.org:21
[19/Nov/2002:11:31:15] 831 debug: request from 10.162.169.176:2306
[19/Nov/2002:11:31:15] 831 debug: auth: userpass
[19/Nov/2002:11:31:15] 831 debug: authentication type 2 successful for hs
[19/Nov/2002:11:31:15] 831 debug: request 1 to jason314.3322.org:21
[19/Nov/2002:11:31:15] 831 request: hs 5 connect: ok 10.162.169.176:2306 ->
jason314.3322.org:21
access
10.160.115.222 - scy-tl [19/Nov/2002:11:32:33 +0800] "GET
http://www.eefoo.com/c
ommunity/images/bbs0gg.gif HTTP/1.0" 200 146
10.160.115.79 - whh-tl [19/Nov/2002:11:32:33 +0800] "GET
http://fayhoo.com/image
/blank HTTP/1.0" 404 276
10.160.19.151 - lhb [19/Nov/2002:11:32:33 +0800] "POST HTTP://rich-bj.stockstar.
com:8892/1 HTTP/1.0" 200 81
10.160.160.130 - gsp-ld [19/Nov/2002:11:32:33 +0800] "GET
http://images.sohu.com
/cs/button/sony/12060.swf?clickthru=http://goto.sohu.com/goto.php3?code=sony-
sh2
40-fr12050 HTTP/1.0" 200 8302
10.160.23.141 - wyn [19/Nov/2002:11:32:33 +0800] "POST HTTP://rich-
bj.stockstar.
com:8891/1 HTTP/1.0" 200 81
10.161.159.40 - - [19/Nov/2002:11:32:33 +0800] "PUT http://204.177.92.204/w/getc
lientid?srv=china_sex&ver=0,0,0,62 HTTP/1.0" 407 271
10.160.17.108 - weizc [19/Nov/2002:11:32:33 +0800] "GET
http://www.guosen.com/cg
i-bin/RHStockGraphics.dll?GetTLine?code=10000001&cx=150&cy=70&am=0
HTTP/1.0" 200
1004
10.161.130.3 - czy-ykj [19/Nov/2002:11:32:34 +0800] "GET http://ad4.sina.com.cn/
btn/dbtel-tlhp.swf HTTP/1.0" 304 -
10.161.159.40 - - [19/Nov/2002:11:32:34 +0800] "PUT http://204.177.92.204/w/getc
lientid?srv=china_sex&ver=0,0,0,62 HTTP/1.0" 407 271
errors
[19/Nov/2002:11:33:13] failure: for host 10.160.80.148 trying to GET http://myjh
xp.com/bbs/forums.cgi?forum=4, retrieve-exit-routine reports: proxy retrieve fai
led: Proxy server's network connection was refused by the server: myjhxp.com.
The server may not be accepting connections or may be busy. Try connecting
agai
n later.
[19/Nov/2002:11:33:13] warning: last-modified in future (not caching): Tue Nov 1
9 03:51:01 2002
[19/Nov/2002:11:33:13] failure: for host 10.160.80.148 trying to GET http://myjh
xp.com/bbs/forums.cgi?forum=4, retrieve-exit-routine reports: proxy retrieve fai
led: Proxy server's network connection was refused by the server: myjhxp.com.
The server may not be accepting connections or may be busy. Try connecting
agai
n later.
[19/Nov/2002:11:33:13] failure: for host 10.162.101.73 trying to GET ftp://202.1
15.144.37/software/special/WinPE-9down.rar, retrieve-exit-routine reports: proxy
retrieve failed: Proxy server's network connection was refused by the server:
202.115.144.37. The server may not be accepting connections or may be busy. Tr
y connecting again later.
[19/Nov/2002:11:33:13] warning: last-modified in future (not caching): Tue Nov 1
9 18:21:00 2002
[19/Nov/2002:11:33:13] warning: last-modified in future (not caching): Tue Nov 1
9 03:51:01 2002
The logs is so large, i only can give you some of them typically.
and the types of log's record when problem occurs i have supplied to you, also i
pasted here
[25/Oct/2002:11:18:06] 8269 debug: io_loop: killing tunnel after rollover, lastactivity
== 1966619898,PR_IntervalNow says 2026622109
[25/Oct/2002:11:20:31] 8269 debug: io_loop: killing tunnel after rollover, lastactivity
== 1981101717,PR_IntervalNow says 2041102282
[25/Oct/2002:11:20:48] 754 error: unknown request type 0x47 from
10.160.8.159:30 83
[25/Oct/2002:11:41:07] 14946 debug: ACCEPT RETURNED NULL! io_total = 63
dead =-1
------------------------------------------------------------------ -
Bug Report: JSSE 1.0.2 & iPlanet-Web-Proxy-Server/3.6
When tunneling through iPlanet-Web-Proxy-Server/3.6 we get a "Socket Closed" exception during the handshake (right after overlaying the tunnel). I got this problem with HP-UX. My browser works fine with that proxy so the problem isn't the proxy. And my code works fine with every other proxies. This proxy does return HTTP 1.0 so this well known issue isn't related.
Anyone from Sun can confirm this issue ?
Anyone else got this bug ?
Thanks in advance.
Fran�oisHi all,
When you say tunnelling, are you referring to code similiar to the code in JavaWorld Tip 111?
I am currently trying to debug some issues with that code myself. I get similiar errors when tunnelling through a proxy.
The download works correctly when a HttpsURLConnection is used to connect directly to the same site.
I am using a squid-cache as my test proxy, so I am not sure if the proxy is the problem. (assuming we are talking about the same issue)
I have noticed that a V3 site certificate seems to be more likely to fail though. I have not found a site using a V1 certificate where the tunnelling has failed.
We are also discussing what I think is the same issue in the thread "HTTPS tunneling and V3 certificates".
I have been trying to get this stuff working for a few months now.
Maybe you are looking for
-
BADI - ME_PROCESS_PO_CUST - To update Condition Types at time of creation
Hi All I'm relatively new to Implementing BADIs. I'm using the BADI ME_PROCESS_PO_CUST. I have to update certain condition types with values determined from a custom table maintained for related Vendors. I have created a 'Z' implementation for ME_PRO
-
Arabic Text in TextInput in Flash Builder 4.5.1
Hello, I am currently developing a mobile application that is supposed to work on both Android and iOS devices. I am supposed to display arabic text and also to take arabic text input from the user. While I was trying to display simple output and inp
-
I need help using my AirPlay via apple tv and Iphone4s
-
Forgot username and password for data
I inherited an iPad 2 from my mom, and she is no longer reachable. I'm trying to change the data plan into my own name and CC, but I can't log in to change it. Is there anyway to completely reset the iPad 2 data plan so that I can set up the data p
-
HELP. CAN'T GET KNOTACT 2 TO WORK IN GARAGE BAND 08.
Hey All, First time poster here. According to the Kontact 2 manual, it should be stupidly simple to use Kontact 2 in Garage Band 08. Just create a track, go to the "Sound Generator," click on "Kontact 2," and play. Great! Bottom line, I never see "Ko