hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <http-as...@dubioso.net>
Subject Re: why https site returns 403 when using proxy server?
Date Thu, 04 Jan 2007 22:24:32 GMT
Hi Michelle,

> Again, thanks for the quick response! I am amazed you figure out the
> product name with the limited information.

I learned just before christmas that Lotus Expeditor replaces the
default HTTP connection with one based on HttpClient. I don't know
of any other IBM product that does, so it was an easy guess :-)

> LoadModule proxy_module modules/mod_proxy.so
> #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
> #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> 
> sounds right? I did test it with a http site and it works fine.

Sorry, I can't tell you how to configure an Apache proxy.
The Apache server folks have their own mailing lists.

>> Have you made sure that the proxy requires only NTLMv1 and not NTLMv2?
> How to find out it needs NTLMv1 or NTLMv2? actually one can access
> the apache proxy server I setup without any user and password.

Ok, so the code that sets up proxy credentials is actually
pointless in this particular test case. This is confirmed
by the log, since no authentication is requested by the
proxy, and none is attempted by HttpClient.

> hostConfig=HostConfiguration[host=https://www.adobe.com,
> proxyHost=http://x.xx.xx.xxx]
> 2007/01/04 13:54:09:218 CST [DEBUG] HttpConnection - Open connection to
> x.xx.xx.xxx:80
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "CONNECT www.adobe.com:443
> HTTP/1.1"
> 2007/01/04 13:54:09:234 CST [DEBUG] HttpMethodBase - Adding Host request
> header
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "User-Agent: Jakarta
> Commons-HttpClient/3.0[\r][\n]"
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "Host:
> www.adobe.com[\r][\n]"
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "HTTP/1.1 405 Method Not
> Allowed[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Date: Thu, 04 Jan 2007
> 19:54:09 GMT[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Server: Apache/2.2.3
> (Win32)[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Allow:
> GET,HEAD,POST,OPTIONS,TRACE[\r][\n]"

This looks very much as if the proxy is not configured as a proxy,
or at least not for tunnelling. You said you did use that proxy
from a browser. Are you sure that the browser picked up the very same
proxy settings you want to use with HttpClient? Maybe you can try
with different browsers, just to be sure. Also make sure that you
try an https: connection via the proxy. A plain http: request does
not require tunnelling, so no CONNECT request would be sent.
I suspect a misconfiguration of the proxy server. Loading the module
is one thing, but some modules require additional configuration. If
you can indeed access an https: URL through that proxy on that port
with a browser, could you please use a network sniffer and post a
trace of the browser communication?

The Apache server documentation for the proxy modules mentions
an AllowCONNECT directive, though 443 should be allowed by default.
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect
Have you defined a <Proxy *> section as in the "Forward Proxy"
basic example?

cheers,
  Roland


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message