HTTPS Recording through proxy
Hi all
I'm trying to record through a proxy using OpenScript 9.0.1. When the site is an HTTP site, all is fine and I'm asked for my proxy password and then passed on to the site. OpenScript records as expected. But when the site is HTTPS, I don't get the proxy authorisation box and eventually the following is returned. Content-length: 0 Connection: Keep-Alive
Has anyone got experience of recording HTTPS through a proxy. I'm trying to work out if it's OpenScript, the proxy or some network security issue.
I've tried both to use the IE settings or manually specify proxy settings in OpenScript.
Another interesting issue is that the 'ignore' list in IE does not seem to be used by OpenScript and there is no way in the OpenScript prefs to set a proxy ignore list?
many thanks
Wilbo.
nobody knows?How about you... do you know the answer? Then tell us. :p
Similar Messages
-
Re: (forte-users) HTTP request through proxy server
Daniel -
No, it does not. ;)
How do you say to HTTPRequest to go through proxy?
Thanks,
Taras
Daniel Nguyen wrote:
>
Hi,
It works very well. I have experienced this model for a distant Forte client
calling a Forte Server service Object for instance without any environment
and without TCP access (passing through firewall for instance).
It has also worked very well to make an injectot to improve Web Enterprise
and IIS using the SendRequest from HTTPAccess.
Hope this helps,
Daniel Nguyen
Freelance Forte Consultant
http://perso.club-internet.fr/dnguyen/
Taras Katkov a écrit:
HTTP request through proxy server using forte HTTP library?
Any experience?
Thanks,
Taras
For the archives, go to: http://lists.xpedior.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: forte-users-requestlists.xpedior.com--
For the archives, go to: http://lists.xpedior.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: forte-users-requestlists.xpedior.comYou can also use the HTTP-DC project.... You don't
need Web Enterprise for this. From what I can tell,
this is available in L.x on....
There is api documentation in M.2 (with scant
examples.)
There's a special process to put the project in your
repository (it isn't installed in the repository in
the standard install,) the documentation in M.2
(probably in M.0 too, AFAIK) that tells you how to do
this (look for HTTP-DC in the online help.)
I haven't done much with it yet, I've just installed
it. If anybody out there has examples, that'd be
great. I'll try to contribute more the moment I get a
chance to explore it....
Christopher Fury
BellSouth Communications Systems
--- Daniel Nguyen <dnguyenclub-internet.fr> wrote:
Hi,
If you have Web Enterprise, you can user
HttpAccess.SendRequest().
Hope this helps,
Daniel Nguyen
Freelance Forte Consultant
Amin, Kamran a écrit:
Is there any way to make a HTTP request from TOOLto another HTTP Service?
thanks in advance.
For the archives, go to:
http://lists.xpedior.com/forte-users and use
the login: forte and the password: archive. Tounsubscribe, send in a new
email the word: 'Unsubscribe' to:forte-users-requestlists.xpedior.com
For the archives, go to:
http://lists.xpedior.com/forte-users and use
the login: forte and the password: archive. To
unsubscribe, send in a new
email the word: 'Unsubscribe' to:
forte-users-requestlists.xpedior.com
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/ -
Dont think RMi is HTTP tunneling through proxy firewall
Hi Guys,
Does anyone know how to monitor if RMI is using the option toHTTP tunnel through a proxy ???
Many of clients sit behind firewalls/proxies that enable HTTP only. I thought RMI would, as a default, use HTTP tunneling POST, RESPONSe methods to get through, but it does not.
Would that case be insted of using Naming.lokup("RMIServer"); that i should use
Registry reg = LocateRegistry.getResgistry(serverAddress, serverPort);
reg.lookup("RMIServer");
Any help would be greatly appreciated.RMI doesn't have an option like that. Sockets do, and you get it for any socket including RMI by setting socksProxyHost and socksProxyPort.
The RMI HTTP tunnelling thing happens when there is an HTTP server at the server side. which redirects the request to an RMI server via rmi-cgi.cgi or the RMI servlet. It's automatic, as a fallback, and you can enforce its use via a system property which you can find in the Javadoc Guide to Features/Remote Method Invocation/Useful java.rmi system properties. -
Here is example code for HTTPS Tunneling through proxy(400 Lines of code
Here is the source for Https Tunneling that I have gotten working. It is based on Pua Yeow Cheong's JavaWorld Tip 111. Thanks to David Lord for providing the final breakthrough that I needed.
I have posted it here for anyone who wishes to use it. If you find any bugs, or write any improvements, please tack them onto the end of this thread.
I have been trying to tackle this problem for quite some time, so I hope this helps a few of you out there.
Lots of Luck,
nightmask.
<----- Begin Copy and Paste -------->
import java.net.*;
import java.io.*;
import java.security.*;
import sun.misc.BASE64Encoder;
import javax.net.*;
import javax.net.ssl.*;
* This example is based on JavaWorld Tip 111. Thanks to Pua Yeow Cheong for writing it.
* It tunnels through a proxy using the Https protocol.
* Thanks go to David Lord in the java forums for figuring out the main problem with Tip 111
* PLEASE NOTE: You need to have the JSSE 1.0.2 jars installed for this to work
* Downloads contents of a URL, using Proxy Tunneling and Basic Authentication
public class URLReader {
* The main program for the URLReader class
public static void main(String[] args) throws Exception {
//set up strings for use in app. Change these to your own settings
String proxyPassword = "password";
String proxyUsername = "username";
String proxyHost = "myproxy.com";
String proxyPort = "3128";
String connectionURL = "https://www.verisign.com";
//set up system properties to indicate we are using a proxy
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);
System.setProperty("proxyHost", proxyHost);
System.setProperty("proxyPort", proxyPort);
System.setProperty("proxySet", "true");
System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
System.setProperty("http.proxySet", "true");
//set up handler for jsse
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
java.security.Provider prov = new com.sun.net.ssl.internal.ssl.Provider();
Security.addProvider(prov);
//create the connection
URL myURL = new URL(connectionURL);
URLConnection myConnection = myURL.openConnection();
if (myConnection instanceof com.sun.net.ssl.HttpsURLConnection) {
((com.sun.net.ssl.HttpsURLConnection) myConnection).setSSLSocketFactory(new SSLTunnelSocketFactory(System.getProperty("proxyHost"), System.getProperty("proxyPort")));
myConnection.setDoInput(true);
myConnection.setDoOutput(true);
BufferedReader in;
try {
System.err.println("opening Input stream1");
in = new BufferedReader(
new InputStreamReader(
myConnection.getInputStream()));
String inputLine;
System.err.println("Input stream is Open1");
while ((inputLine = in.readLine()) != null) {
System.err.println(inputLine);
in.close();
System.err.println("Input stream is Closed1");
} catch (Exception e) {
e.printStackTrace(System.err);
String tmp = e.getMessage().toLowerCase().trim();
System.err.println("tmp *" + tmp + "*");
if (tmp.indexOf("http") > -1) {
//http error message to be parsed
tmp = tmp.substring(tmp.indexOf("http")).trim();
System.err.println("tmp *" + tmp + "*");
tmp = tmp.substring(8).trim();
System.err.println("tmp *" + tmp + "*");
if (tmp.startsWith("407")) {
//proxy authentication required
myURL = new URL(connectionURL);
myConnection = myURL.openConnection();
if (myConnection instanceof com.sun.net.ssl.HttpsURLConnection) {
((com.sun.net.ssl.HttpsURLConnection) myConnection).setSSLSocketFactory(new SSLTunnelSocketFactory(System.getProperty("proxyHost"), System.getProperty("proxyPort"), proxyUsername, proxyPassword));
myConnection.setDoInput(true);
myConnection.setDoOutput(true);
try {
System.err.println("opening Input stream 2");
in = new BufferedReader(
new InputStreamReader(
myConnection.getInputStream()));
String inputLine;
System.err.println("Input stream is Open 2");
while ((inputLine = in.readLine()) != null) {
System.out.println(inputLine);
in.close();
System.err.println("Input stream is closed 2");
} catch (Exception ex) {
System.err.println(ex.getMessage());
ex.printStackTrace(System.err);
* SSLSocket used to tunnel through a proxy
class SSLTunnelSocketFactory extends SSLSocketFactory {
private String tunnelHost;
private int tunnelPort;
private SSLSocketFactory dfactory;
private String tunnelPassword;
private String tunnelUserName;
private boolean socketConnected = false;
private int falsecount = 0;
* Constructor for the SSLTunnelSocketFactory object
*@param proxyHost The url of the proxy host
*@param proxyPort the port of the proxy
public SSLTunnelSocketFactory(String proxyHost, String proxyPort) {
System.err.println("creating Socket Factory");
tunnelHost = proxyHost;
tunnelPort = Integer.parseInt(proxyPort);
dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
* Constructor for the SSLTunnelSocketFactory object
*@param proxyHost The url of the proxy host
*@param proxyPort the port of the proxy
*@param proxyUserName username for authenticating with the proxy
*@param proxyPassword password for authenticating with the proxy
public SSLTunnelSocketFactory(String proxyHost, String proxyPort, String proxyUserName, String proxyPassword) {
System.err.println("creating Socket Factory with password/username");
tunnelHost = proxyHost;
tunnelPort = Integer.parseInt(proxyPort);
tunnelUserName = proxyUserName;
tunnelPassword = proxyPassword;
dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
* Sets the proxyUserName attribute of the SSLTunnelSocketFactory object
*@param proxyUserName The new proxyUserName value
public void setProxyUserName(String proxyUserName) {
tunnelUserName = proxyUserName;
* Sets the proxyPassword attribute of the SSLTunnelSocketFactory object
*@param proxyPassword The new proxyPassword value
public void setProxyPassword(String proxyPassword) {
tunnelPassword = proxyPassword;
* Gets the supportedCipherSuites attribute of the SSLTunnelSocketFactory
* object
*@return The supportedCipherSuites value
public String[] getSupportedCipherSuites() {
return dfactory.getSupportedCipherSuites();
* Gets the defaultCipherSuites attribute of the SSLTunnelSocketFactory
* object
*@return The defaultCipherSuites value
public String[] getDefaultCipherSuites() {
return dfactory.getDefaultCipherSuites();
* Gets the socketConnected attribute of the SSLTunnelSocketFactory object
*@return The socketConnected value
public synchronized boolean getSocketConnected() {
return socketConnected;
* Creates a new SSL Tunneled Socket
*@param s Ignored
*@param host destination host
*@param port destination port
*@param autoClose wether to close the socket automaticly
*@return proxy tunneled socket
*@exception IOException raised by an IO error
*@exception UnknownHostException raised when the host is unknown
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
Socket tunnel = new Socket(tunnelHost, tunnelPort);
doTunnelHandshake(tunnel, host, port);
SSLSocket result = (SSLSocket) dfactory.createSocket(tunnel, host, port, autoClose);
result.addHandshakeCompletedListener(
new HandshakeCompletedListener() {
public void handshakeCompleted(HandshakeCompletedEvent event) {
System.out.println("Handshake Finished!");
System.out.println("\t CipherSuite :" + event.getCipherSuite());
System.out.println("\t SessionId: " + event.getSession());
System.out.println("\t PeerHost: " + event.getSession().getPeerHost());
setSocketConnected(true);
// thanks to David Lord in the java forums for figuring out this line is the problem
// result.startHandshake(); //this line is the bug which stops Tip111 from working correctly
return result;
* Creates a new SSL Tunneled Socket
*@param host destination host
*@param port destination port
*@return tunneled SSL Socket
*@exception IOException raised by IO error
*@exception UnknownHostException raised when the host is unknown
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
return createSocket(null, host, port, true);
* Creates a new SSL Tunneled Socket
*@param host Destination Host
*@param port Destination Port
*@param clientHost Ignored
*@param clientPort Ignored
*@return SSL Tunneled Socket
*@exception IOException Raised when IO error occurs
*@exception UnknownHostException Raised when the destination host is
* unknown
public Socket createSocket(String host, int port, InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException {
return createSocket(null, host, port, true);
* Creates a new SSL Tunneled Socket
*@param host destination host
*@param port destination port
*@return tunneled SSL Socket
*@exception IOException raised when IO error occurs
public Socket createSocket(InetAddress host, int port)
throws IOException {
return createSocket(null, host.getHostName(), port, true);
* Creates a new SSL Tunneled Socket
*@param address destination host
*@param port destination port
*@param clientAddress ignored
*@param clientPort ignored
*@return tunneled SSL Socket
*@exception IOException raised when IO exception occurs
public Socket createSocket(InetAddress address, int port,
InetAddress clientAddress, int clientPort)
throws IOException {
return createSocket(null, address.getHostName(), port, true);
* Sets the socketConnected attribute of the SSLTunnelSocketFactory object
*@param b The new socketConnected value
private synchronized void setSocketConnected(boolean b) {
socketConnected = b;
* Description of the Method
*@param tunnel tunnel socket
*@param host destination host
*@param port destination port
*@exception IOException raised when an IO error occurs
private void doTunnelHandshake(Socket tunnel, String host, int port) throws IOException {
OutputStream out = tunnel.getOutputStream();
//generate connection string
String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
+ "User-Agent: "
+ sun.net.www.protocol.http.HttpURLConnection.userAgent;
if (tunnelUserName != null && tunnelPassword != null) {
//add basic authentication header for the proxy
sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
String encodedPassword = enc.encode((tunnelUserName + ":" + tunnelPassword).getBytes());
msg = msg + "\nProxy-Authorization: Basic " + encodedPassword;
msg = msg + "\nContent-Length: 0";
msg = msg + "\nPragma: no-cache";
msg = msg + "\r\n\r\n";
System.err.println(msg);
byte b[];
try {
//we really do want ASCII7 as the http protocol doesnt change with locale
b = msg.getBytes("ASCII7");
} catch (UnsupportedEncodingException ignored) {
//If ASCII7 isn't there, something is seriously wrong!
b = msg.getBytes();
out.write(b);
out.flush();
byte reply[] = new byte[200];
int replyLen = 0;
int newlinesSeen = 0;
boolean headerDone = false;
InputStream in = tunnel.getInputStream();
boolean error = false;
while (newlinesSeen < 2) {
int i = in.read();
if (i < 0) {
throw new IOException("Unexpected EOF from Proxy");
if (i == '\n') {
headerDone = true;
++newlinesSeen;
} else
if (i != '\r') {
newlinesSeen = 0;
if (!headerDone && replyLen < reply.length) {
reply[replyLen++] = (byte) i;
//convert byte array to string
String replyStr;
try {
replyStr = new String(reply, 0, replyLen, "ASCII7");
} catch (UnsupportedEncodingException ignored) {
replyStr = new String(reply, 0, replyLen);
//we check for connection established because our proxy returns http/1.1 instead of 1.0
if (replyStr.toLowerCase().indexOf("200 connection established") == -1) {
System.err.println(replyStr);
throw new IOException("Unable to tunnel through " + tunnelHost + ":" + tunnelPort + ". Proxy returns\"" + replyStr + "\"");
//tunneling hanshake was successful
}<----- End Copy and Paste -------->BTW, if you are using an implementation in which
the http/https implementation recognises
the java.net.Authenticator properly, you can use
that framework to do basic/digest authentication.
I think Sun's JDK 1.4 supports both basic
and digest for both proxies and the actual end
site you connect via http/https, but I haven't
tested it to be sure. I know it works
with http/basic at the end host.
Today's Ob hack:
import java.net.*;
import java.io.*;
class MyAuth extends Authenticator {
protected PasswordAuthentication getPasswordAuthentication() {
System.out.println("The realm '" + getRequestingPrompt() +
"' at '" + getRequestingHost() + ":" + getRequestingPort() +
"'\n" + "using " + getRequestingProtocol() + " is requesting " +
getRequestingScheme().toUpperCase() + " authentication.");
System.out.println("");
System.out.println("What should we send them? Let's send them ...");
System.out.println("");
return new PasswordAuthentication("username", "password".toCharArray()); }
public class MyURL {
public static void main(String[] args) throws Exception {
// set to the authenticator you want to use.
Authenticator.setDefault(new myAuth());
URL url =
new URL("http://www.some.com/something_protected/index.htm");
BufferedReader in = new BufferedReader(
new InputStreamReader(
url.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
System.out.println(inputLine);
in.close(); -
Using a HTTP destination through a HTTP proxy
Hi there!
I have written a Web Dynpro application that connects to a web service using a web service model. The request is configured to use a HTTP destination by means of the _setHTTPDestinationName() method. I configured the HTTP destination in the visual administrator and it uses Logon ticket to authenticate.
All this works perfectly in my test environment. Unfortunately in my production environment the web service must be accessed through a HTTP proxy and I could not find where to configure the proxy settings for HTTP destinations.
I found some information about "open a transaction in SICF" an so on which doesn't help me because I have no ABAP client.
I found some information about configuring proxies in the NWA but this does not seem to apply to my NW version, wich is 2004 SP16.
Any clues?
Thanks in advance.Hi Olivier,
thank you for your reply.
Is there really a possiblity to configure a proxy for any given HTTP Destination in ABAP? Because if there is, I cannot believe that there is no equivalent in Java. As there is no such a thing as a HTTP Destination "for ABAP" and a HTTP Destination "for Java", what would happen if I used the HTTP Destination with proxy settings created in ABAP for my Java program?
There is another way to use a proxy which I found by analysing the generated Java classes of my web service model. You can do the following:
SomeServiceImpl service = SomeDMSModel.getServiceImpl();
service.setHTTPProxyResolver(new HTTPProxyResolver() {
HTTPProxy proxy;
public HTTPProxy getHTTPProxyForHost(String host) throws RemoteException {
if (this.proxy == null) {
this.proxy = new HTTPProxy();
this.proxy.setProxyHost("proxy.company.com");
this.proxy.setProxyPort(1234);
return this.proxy;
This is NOT a good way to do it, as it transfers a portal administration task to the programmer, but it shows that the functionality is present in Java.
So I haven't given up on finding where it has to be configured...
Edited by: Robert Rodewald on Jan 18, 2008 11:01 AM -
Help needed for CORBA over Http through proxy server[Very Urgent]
Hi Friendz,
I am new to J2EE. Right now I am learning RMI, Corba now.
In RMI, to pass through Http to bypass firewall or through proxy sever, we can use either Http to port or Http to CGI/Servlet i.e., Http tunneling.
In the same, I am running a simple corba application, i want my corba application to pass through my proxy server using http which is configured to address 127.0.0.1 and port 8118.
How to pass my corba application through proxy server. please help me and it is very urgent.
Is it possible or not, please let me know some comments about this topic
Thanks in advance Friends for your helpThis is so extremely urgent that it needs to be asked multiple times.
http://forum.java.sun.com/thread.jspa?threadID=762950 -
ASA - cut through proxy authentication for RDP?
I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
OUTSIDE to INSIDE RDP is currently working.
I have 2 servers I want RDP open for..
[*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
[*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
What's required for OUTSIDE users to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
Here is my current config.
[code]
ASA Version 8.2(5)
hostname ASA5505
names
name 10.10.0.0 LANTraffic
name 10.10.30.0 SALES
name 10.10.40.0 FoodServices
name 10.10.99.0 Management
name 10.10.20.0 Office
name 10.10.80.0 Printshop
name 10.10.60.0 Regional
name 10.10.70.0 Servers
name 10.10.50.0 ShoreTel
name 10.10.100.0 Surveillance
name 10.10.90.0 Wireless
interface Ethernet0/0
description TO INTERNET
switchport access vlan 11
interface Ethernet0/1
description TO INSIDE 3560X
switchport access vlan 10
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
security-level 50
no ip address
interface Vlan10
description Cisco 3560x
nameif INSIDE
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Vlan11
description Internet Interface
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.224
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name test.local
access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging device-id hostname
logging host INSIDE 10.10.70.100
mtu INSIDE 1500
mtu OUTSIDE 1500
ip verify reverse-path interface OUTSIDE
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 LANTraffic 255.255.0.0
static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
access-group RDP-INBOUND in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http Management 255.255.255.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.10.70.100 255.255.255.255 INSIDE
ssh Management 255.255.255.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username scott password CNjeKgq88PLZXETE encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
: end
[/code]You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC). -
Hello,
Does anyone know if the URLRequest / Loader classes are able
to connect through proxy servers? In other words, does Flash read
the PC's proxy configuration and automatically use it?
Also, I was wondering, if one was to create a Socket and then
connect to a web site...
mySocket.connect("www.mydoman.com", 80);
but the user's PC uses a proxy server to connect to the
Internet, would this
connection succeed or fail?
Thanks for your insight.
DanCheck the links below out. I think it may help you out some.
http://bugs.adobe.com/jira/browse/FP-519
http://bugs.adobe.com/jira/browse/FP-673 -
HTTPS and a Proxy server?
Does the plugin-in still not work with HTTPS and a proxy server?
From plug-in docs -
"Java Plug-in supports http, ftp, gopher and SOCKS v4 protocols through the proxy server. Currently, Java Plug-in does not support https (SSL). "Hello
I am making HTTPS calls from within my applet code and this works fine using the basic Java Plug-in support for HTTPS.
This means my code basically does:
URL url = new URL("https://myhost.com/servlet/Test");
URLConnection conn = url.openConnection();
etc..
We are using Java 1.4.2. I've read in the "How HTTPS Works in Java Plug-in" for 1.3, that the plugin uses the browsers API for making HTTPS connections. Is this still the case for 1.4?
My basic problem is that it all works fine if the browser is NOT configured to use a proxy server. If a proxy server is configured we get the following Exception in the client:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Request ( The data is invalid. )"
I have read that "Sun's Java Secure Socket Extension (JSSE) library allows you to access a secure Web server from behind a firewall via proxy tunnelling. However, JSSE expects the proxy's reply to the tunnelling request to begin with "HTTP 1.0"; otherwise, it throws an IOException" (http://www.javaworld.com/javatips/jw-javatip111_p.html)
The article talks about using the JSSE library but it seems to be assuming the client is an application not an applet.
How do I use JSSE from within an applet if all the proxy information I seem to need to set in the JSSE code is held by the browser?
Will JSSE support proxies returning responses beginning HTTP 1.1 in the future?
Any help on this would be greatly appreciated.
Many thanks
mark -
ASA - Cut-through proxy probleme
I have to configure my ASA 7.2.2 for cut-through proxy but when the users use authentication prompt ,
but only , for (http://1.1.0.2/netaccess/connstatus.html) the ASA send the following message:
User Authentication
User Authentication is not required.
help me
it is ok when one uses cut-through-proxy by ACL :
access-list ACL_INT extended permit tcp object-group PC-UAUTH_DYN host MVINCT19 eq www
access-list ACL_AUTH line 1 extended permit tcp host poste_auvinet host MVINCT19 eq www
aaa-server auth_inside protocol radius
aaa-server auth_inside host SVR-ACS-IN
key xxx
username admin password xxx privilege 15
aaa authentication match ACL_AUTH inside auth_inside
aaa authentication listener http inside port www
on a pix 525 is OKHi,
The config looks good. Please remember that successful authentication is cached (show uauth) and till it expires user will not need to authenticate again.
Please clear uauth and see if it helps.
Regards,
Vivek -
OSB 11g with PASS-THROUGH PROXY
hello all,
I my designing on latest Fusion Middleware 11g Release 1 (11.1.1.5.0)
a http soap based osb proxy service wraped around owsm saml2.0- sender- vouches-message-protection service policy
a http soap based osb business service wrapped around owsm saml2.0- sender- vouches-message-protection client policy
a standalone client is calling this Passive Intermediary Proxy
In case of pass-through proxy service,
I would like to know that is it necessary that the policy contract between client --->proxy should be similar to proxy--->backend
I think so, because proxy is not atall touching the entire stuff starting from <soap:envelope>.........</soap:envelope>
So client-sent tokens etc. must match with what back end service requires.
In general, what am I buying by routing the client call through pass-through proxy service if the back-end webservice requires that entire message must by encrypted. In this case there is nothing open for the proxy to view and make any decisions based on that through its pipeline pairs etc.Check out the following link...
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b5e.html -
HTTP-Tunneling through Apache Plug-in
Hello,
has anybody experience with HTTP-Tunneling of requests to a WLS
4.5.1SP13 through an Apache-Webserver?
I'm not able to configure the apache plug-in from weblogic to act as a
reverse proxy for requests coming from a
Java Client Application.
Any Hints available?
Remo"Jong Lee" <[email protected]> wrote in message
news:3a4a9efa$[email protected]..
>
Remo Schnidrig <[email protected]> wrote:
Hello Jong,
HTTP tunneling will append ".tun" to your request.
For apache, you can use "MatchExpression" to proxy the mime type.
i.e: add the following line to your httpd.conf
MatchExpression *.tunThat is functioning. Thank you very much.
Another question:
What about HTTPS-Tunneling through an Apache-Server?
How can I get everything through?
Thank you
Remo
We don't support https from the bridge to the server yet.
JongWhat about using HTTPS-Tunneling between our Java client and the WLS
Stronghold plug-in and HTTP-Tunneling between the plug-in and the WLS?
If this is possible, how do I have to setup the stronghold?
Remo -
Can use the Mac App Store behind a HTTP/1.1 proxy
We have an HTTP/1.1 proxy at work, and when doing a download from the Mac Apps Store, the downloaded data comes through as "Transfer-Encoding: chunked".
According to the HTTP 1.1 specification (the request is made as HTTP/1.1), the client MUST be able to decode the chunked transfer encoding (see the end of section 3.6.1 in rfc2616).
Am I missing something? Or is there a way to make the Mac App Store use HTTP/1.0, or support the standard?
Thanks.No. Only apps bought through the MAS can be updated by the MAS.
-
Lync Sign in issue through Proxy
Hi All,
Not to be confused when said Lync Sign in issue through Proxy as it is unlikely that this is an issue with the proxy settings. Find it out yourself from the behavior below.
It is in fact a weird issue that I have come across.
Overall there are almost 30 Lync Users accounts.
And they are trying to authenticate to external Lync Server.
28/30 works fine through the proxy. Except for 2 user accounts.
The proxy settings are same for all the users and no individual configurations set.
Now, here is the interesting part. Go out of the network and authenticate this 2 user account to any of the workstation which is not going through Proxy, it works. Come back to the workstation which is going through the proxy and try again, it will work
now.
Now, I am interested in finding how exactly does Microsoft authenticates their Lync users. And what are the step by step procedure of User Authentication for Lync service. And why is this happening?
Just to add some more point here, these happens only with 2 specific accounts.
And if you try using these 2 accounts on any of the 28 working workstations, which is going through the proxy, the first time, it would still fail to get authenticated.
Can someone put a highlight on these behaviors? is there any user specific settings on the lync server?
Thanks for your inputs.You can check the following blogs about Lync authentication process:
http://blog.schertz.name/2012/12/lync-2013-client-autodiscover/
http://blogs.technet.com/b/nexthop/archive/2012/11/28/lync-2010-client-authentication.aspx
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or
suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
You can enable Lync client logging to collect the log file to check the sign in process for these two users can’t sign in externally.
Lisa Zheng
TechNet Community Support -
a quick question since I do not have access to a pix I can not confirm it
say, I want to do pix cut-through proxy and authenticate access via tacacs on per user basis.
I want the user to access smtp user inside the pix will go through tacacs authentication.
my question is "do I need a statement for http on the access-list ?"
thank you.
here is the config
PIX-525# wr t
PIX Version 6.3(1)
access-list 100 permit tcp any host 155.1.1.4 eq http
access-list 100 permit tcp any host 155.1.1.4 eq smtp
access-list 150 permit tcp any host 155.1.1.4 eq http
access-list 150 permit tcp any host 155.1.1.4 eq smtp
access-group 100 in interface outside
static (inside,outside) 155.1.1.4 192.168.1.4 netmask 255.255.255.255 0 0
aaa-server AUTHEN protocol tacacs
aaa authentication match 150 outside AUTHENCut-through proxy is a feature unique to PIX Firewall that allows user-based authentication of inbound or outbound connections. A proxy server analyzes every packet at layer seven of the OSI model, which is a time- and processing-intensive function. By contrast, the PIX Firewall uses cut-through proxy to authenticate a connection and then allow traffic to flow quickly and directly.
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172790.html
Maybe you are looking for
-
My account was hacked in September -- Still no action from Verizon. Please help!
My account was hacked in September, someone added an additional line and ordered an iPhone, adding more than $600 to my account. Verizon quickly identified this as fraud and assured me that my account would be cleaned up. Almost three months later, I
-
How do I install 10.9.1 directly using an Air with 10.6.8 Snow Leopard? My friend shared a copy of the 10.9.1. installer but i can't seem to make it work. Help please!
-
ATG catalog export error in startSQLRepository
Hi, I want to export the catalog data from atg production. I followed the steps as below. 1. create FakeXADatasource.properties file in C:\ATG\ATG10.1.1\home\localconfig\atg\dynamo\service\jdbc. (There is mysql user named atguser with password atg123
-
I have a library book on the bookshelf of a newly acquired Samsung Nook but I cannot open it. My other devices work fine but I cannot activate the new unit. I get a "too many activations" error message. Customer Services say I have a valid license
-
Touch Panel Shared variable binding does not work.
Hi, Is there any reason why shared variable binding is not working under Touch Panel Target? Is there any plan for implementing or there is some trick I should know? Andras