Return-Path: Delivered-To: apmail-jakarta-httpclient-user-archive@www.apache.org Received: (qmail 75957 invoked from network); 4 Jan 2007 22:21:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Jan 2007 22:21:38 -0000 Received: (qmail 85239 invoked by uid 500); 4 Jan 2007 22:21:44 -0000 Delivered-To: apmail-jakarta-httpclient-user-archive@jakarta.apache.org Received: (qmail 85228 invoked by uid 500); 4 Jan 2007 22:21:43 -0000 Mailing-List: contact httpclient-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: "HttpClient User Discussion" Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-user@jakarta.apache.org Received: (qmail 85217 invoked by uid 99); 4 Jan 2007 22:21:43 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 14:21:43 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [212.227.126.183] (HELO moutng.kundenserver.de) (212.227.126.183) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 14:21:30 -0800 Received: from [85.180.16.161] (helo=[85.180.16.161]) by mrelayeu.kundenserver.de (node=mrelayeu4) with ESMTP (Nemesis), id 0ML21M-1H2axP01ii-0000N5; Thu, 04 Jan 2007 23:21:08 +0100 Message-ID: <459D7EA0.4040601@dubioso.net> Date: Thu, 04 Jan 2007 23:24:32 +0100 From: Roland Weber User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070102 SeaMonkey/1.0.7 MIME-Version: 1.0 To: HttpClient User Discussion Subject: Re: why https site returns 403 when using proxy server? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Provags-ID: kundenserver.de abuse@kundenserver.de login:4601b1d39ab4ddfc21c613822e406392 X-Virus-Checked: Checked by ClamAV on apache.org Hi Michelle, > Again, thanks for the quick response! I am amazed you figure out the > product name with the limited information. I learned just before christmas that Lotus Expeditor replaces the default HTTP connection with one based on HttpClient. I don't know of any other IBM product that does, so it was an easy guess :-) > LoadModule proxy_module modules/mod_proxy.so > #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so > #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so > LoadModule proxy_connect_module modules/mod_proxy_connect.so > LoadModule proxy_http_module modules/mod_proxy_http.so > #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so > > sounds right? I did test it with a http site and it works fine. Sorry, I can't tell you how to configure an Apache proxy. The Apache server folks have their own mailing lists. >> Have you made sure that the proxy requires only NTLMv1 and not NTLMv2? > How to find out it needs NTLMv1 or NTLMv2? actually one can access > the apache proxy server I setup without any user and password. Ok, so the code that sets up proxy credentials is actually pointless in this particular test case. This is confirmed by the log, since no authentication is requested by the proxy, and none is attempted by HttpClient. > hostConfig=HostConfiguration[host=https://www.adobe.com, > proxyHost=http://x.xx.xx.xxx] > 2007/01/04 13:54:09:218 CST [DEBUG] HttpConnection - Open connection to > x.xx.xx.xxx:80 > 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "CONNECT www.adobe.com:443 > HTTP/1.1" > 2007/01/04 13:54:09:234 CST [DEBUG] HttpMethodBase - Adding Host request > header > 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "User-Agent: Jakarta > Commons-HttpClient/3.0[\r][\n]" > 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "Host: > www.adobe.com[\r][\n]" > 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "Proxy-Connection: > Keep-Alive[\r][\n]" > 2007/01/04 13:54:09:234 CST [DEBUG] header - >> "[\r][\n]" > 2007/01/04 13:54:09:250 CST [DEBUG] header - << "HTTP/1.1 405 Method Not > Allowed[\r][\n]" > 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Date: Thu, 04 Jan 2007 > 19:54:09 GMT[\r][\n]" > 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Server: Apache/2.2.3 > (Win32)[\r][\n]" > 2007/01/04 13:54:09:250 CST [DEBUG] header - << "Allow: > GET,HEAD,POST,OPTIONS,TRACE[\r][\n]" This looks very much as if the proxy is not configured as a proxy, or at least not for tunnelling. You said you did use that proxy from a browser. Are you sure that the browser picked up the very same proxy settings you want to use with HttpClient? Maybe you can try with different browsers, just to be sure. Also make sure that you try an https: connection via the proxy. A plain http: request does not require tunnelling, so no CONNECT request would be sent. I suspect a misconfiguration of the proxy server. Loading the module is one thing, but some modules require additional configuration. If you can indeed access an https: URL through that proxy on that port with a browser, could you please use a network sniffer and post a trace of the browser communication? The Apache server documentation for the proxy modules mentions an AllowCONNECT directive, though 443 should be allowed by default. http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect Have you defined a section as in the "Forward Proxy" basic example? cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: httpclient-user-help@jakarta.apache.org