hc-httpclient-users mailing list archives

From Erxiang Liu <erxi...@us.ibm.com>
Subject Re: why https site returns 403 when using proxy server?
Date Mon, 08 Jan 2007 19:47:12 GMT

Hi, Roland:

Just want to thank you so much for your quick and precise support.

Yes, the proxy server is not configured right.
So we tried to reconfigure the IBM HTTP server. We first enabled
the SSL module and made sure we could access the server
from https://x.xx.xx.xxx, then did quite a lot of other configuration. It is
not that straightforward.
Then we could get the https site programmatically and through the web browser
via the proxy server.

I also tried to configure another Apache HTTP server. What confused me a
little is that I did not need to enable the SSL module and still can get to
the https site programmatically and through the web browser via this Apache
server.

Anyway, this is a very good learning experience. Thank you. This is a very
helpful mailing list.

Thanks,

Michelle



                                                                           
Roland Weber <http-async@dubioso.net>
01/04/2007 04:24 PM
Please respond to "HttpClient User Discussion" <httpclient-user@jakarta.apache.org>
To: HttpClient User Discussion <httpclient-user@jakarta.apache.org>
Subject: Re: why https site returns 403 when using proxy server?

Hi Michelle,

> Again, thanks for the quick response! I am amazed you figure out the
> product name with the limited information.

I learned just before Christmas that Lotus Expeditor replaces the
default HTTP connection with one based on HttpClient. I don't know
of any other IBM product that does, so it was an easy guess :-)

> LoadModule proxy_module modules/mod_proxy.so
> #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
> #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
>
> sounds right? I did test it with a http site and it works fine.

Sorry, I can't tell you how to configure an Apache proxy.
The Apache server folks have their own mailing lists.

>> Have you made sure that the proxy requires only NTLMv1 and not NTLMv2?
> How to find out it needs NTLMv1 or NTLMv2? actually one can access
> the apache proxy server I setup without any user and password.

Ok, so the code that sets up proxy credentials is actually
pointless in this particular test case. This is confirmed
by the log, since no authentication is requested by the
proxy, and none is attempted by HttpClient.

> hostConfig=HostConfiguration[host=https://www.adobe.com, proxyHost=http://x.xx.xx.xxx]
> 2007/01/04 13:54:09:218 CST [DEBUG] HttpConnection - Open connection to x.xx.xx.xxx:80
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "CONNECT www.adobe.com:443 HTTP/1.1"
> 2007/01/04 13:54:09:234 CST [DEBUG] HttpMethodBase - Adding Host request header
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.0[\r][\n]"
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "Host: www.adobe.com[\r][\n]"
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
> 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "HTTP/1.1 405 Method Not Allowed[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Date: Thu, 04 Jan 2007 19:54:09 GMT[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Server: Apache/2.2.3 (Win32)[\r][\n]"
> 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Allow: GET,HEAD,POST,OPTIONS,TRACE[\r][\n]"

This looks very much as if the proxy is not configured as a proxy,
or at least not for tunnelling. You said you did use that proxy
from a browser. Are you sure that the browser picked up the very same
proxy settings you want to use with HttpClient? Maybe you can try
with different browsers, just to be sure. Also make sure that you
try an https: connection via the proxy. A plain http: request does
not require tunnelling, so no CONNECT request would be sent.
I suspect a misconfiguration of the proxy server. Loading the module
is one thing, but some modules require additional configuration. If
you can indeed access an https: URL through that proxy on that port
with a browser, could you please use a network sniffer and post a
trace of the browser communication?

The Apache server documentation for the proxy modules mentions
an AllowCONNECT directive, though 443 should be allowed by default.
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect
Have you defined a <Proxy *> section as in the "Forward Proxy"
basic example?

cheers,
  Roland
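
Added example, not part of the original messages and not HttpClient code: a small parser for the header wire-log format quoted above that pulls out the CONNECT request and the proxy's answer and maps the status to the likely proxy-side cause discussed in this thread. The function name, the hint texts and the sample log (with placeholder host names) are constructed for illustration.

```python
import re

# Commons HttpClient 3.x header wire-log line: direction, then the quoted text.
WIRE = re.compile(r'header - (>>|<<) "(.*?)(?:\[\\r\]\[\\n\])?"\s*$')

HINTS = {  # illustrative wording, keyed by the proxy's status for CONNECT
    200: "tunnel established; the TLS handshake with the origin follows",
    403: "proxy refused the tunnel; check AllowCONNECT ports and <Proxy> access rules",
    405: "server handled CONNECT as an ordinary method; forward proxying/tunnelling is not active",
    407: "proxy demands authentication; see the Proxy-Authenticate scheme",
}

# Constructed sample in the wire-log format quoted above (host is a placeholder).
SAMPLE = r'''
2007/01/04 13:54:09:234 CST [DEBUG] header - >> "CONNECT www.example.com:443 HTTP/1.1[\r][\n]"
2007/01/04 13:54:09:234 CST [DEBUG] HttpMethodBase - Adding Host request header
2007/01/04 13:54:09:234 CST [DEBUG] header - >> "[\r][\n]"
2007/01/04 13:54:09:250 CST [DEBUG] header - << "HTTP/1.1 405 Method Not Allowed[\r][\n]"
2007/01/04 13:54:09:250 CST [DEBUG] header - << "Allow: GET,HEAD,POST,OPTIONS,TRACE[\r][\n]"
2007/01/04 13:54:09:250 CST [DEBUG] header - << "[\r][\n]"
'''

def diagnose_connect(log):
    """Return target, status, response headers and a hint for the first CONNECT."""
    target, status, headers = None, None, {}
    for line in log.splitlines():
        m = WIRE.search(line)
        if not m:
            continue                      # not a header wire line
        direction, text = m.groups()
        if direction == ">>" and target is None:
            req = re.match(r"CONNECT (\S+) HTTP/1\.[01]$", text)
            if req:
                target = req.group(1)
        elif direction == "<<" and target is not None:
            if status is None:
                st = re.match(r"HTTP/1\.[01] (\d{3})", text)
                if st:
                    status = int(st.group(1))
            elif text == "":
                break                     # blank line ends the proxy's response head
            elif ":" in text:
                name, value = text.split(":", 1)
                headers[name.strip().lower()] = value.strip()
    hint = HINTS.get(status, "no CONNECT response found or unexpected status")
    return {"target": target, "status": status, "headers": headers, "hint": hint}

if __name__ == "__main__":
    print(diagnose_connect(SAMPLE))
```

An Allow header that lists GET,HEAD,POST,OPTIONS,TRACE but not CONNECT, as in the quoted trace, is the server describing its own methods rather than acting as a tunnel.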

