Bindul,
I have to plead ignorant to what common browsers do when executing FTP
requests via an authenticating HTTP proxy. What I can do for you is to
try to reproduce the problem using Squid proxy on my PC at home. I would
be quite helpful if you could post a code snippet that demonstrates the
problem with the least amount of code and minimal number of external
dependencies. Alternatively, a session dump captured off the wire with
ethereal or another traffic analyzer may help as well.
Make sure you have all the security sensitive credentials obfuscated
prior to posting code snippets or wire dumps to this list
Oleg
On Wed, May 11, 2005 at 08:05:00PM +0530, Bindul Bhowmik (GMail) wrote:
> Oleg,
>
> I am not sure if I am missing something here. When I connect to a ftp
> site using the browser, it uses the same proxy and tunnel (or am I
> wrong?). Is there something else I need to do to go through the tunnel
> and connect to an ftp site?
>
> If anyone is interested I could send the code I am using to get the socket.
>
> - Bindul
>
> On 5/10/05, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
> > Bindul,
> >
> > HTTP CONNECT (aka HTTP tunneling) has been primarily designed to enable
> > secure (primarily SSL) connections via HTTP proxies, hence the error
> > message. There's absolutely nothing that prevents other protocols from
> > being tunneled in the same manner, provided the proxy is configured to
> > allow outgoing connections to a particular port. My _guess_ this
> > problem caused by the ISS configuration, rather than a bug in HttpClient
> > or your code
> >
> > Oleg
> >
> > On Tue, May 10, 2005 at 09:57:58PM +0530, Bindul Bhowmik (GMail) wrote:
> > > Oleg,
> > >
> > > The port here is 21. I get this from the configuration of the FTP host
> > > I have to connect to through the HTTP tunnel. I am not sure where the
> > > SSL port comes in from!
> > >
> > > FYI, the proxy we use is a Microsoft ISA server requiring NTLM
> > > authentication. And except for
> > > > > proxyClient.getState().setProxyCredentials(new
> > > > > AuthScope("proxy",
> > > > > -1), credentials);
> > > the rest of the piece works fine with httpclient-2.0.2 and HTTPClient
> > > instead of ProxyClient, which we use to download files over HTTP in
> > > the same application.
> > >
> > > I had to move to 3.0rc2 since ProxyClient or
> > > HTTPConnection#getSocket() were not available in 2.0.2
> > >
> > > - Bindul
> > >
> > > On 5/10/05, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
> > > > Bindul,
> > > >
> > > > > hostConfiguration.setHost(host, port, httpClientProtocol);
> > > >
> > > > What is the value of the port parameter? If it is not 443 are you sure
> > > > the proxy has been configured to allow outgoing connections to that
> > > > port?
> > > >
> > > > Oleg
> > > >
> > > > On Tue, May 10, 2005 at 08:41:05PM +0530, Bindul Bhowmik (GMail) wrote:
> > > > > Hi,
> > > > >
> > > > > I am trying to tunnel a FTP stream over an HTTP Tunnel proxy. I am
> > > > > trying to use the ProxyClient class of commons-client for that. I am
> > > > > using commons-net as my FTP Client, and have written an implementation
> > > > > of SocketFactory to be used for FTP connections over the Proxy.
> > > > >
> > > > > Inside my SocketFactory implementation, I am getting the socket from
> > > > > ProxyClient.ConnectResponse#getSocket() class. The code I use is:
> > > > >
> > > > > <code_snip>
> > > > > ProxyClient proxyClient = new ProxyClient();
> > > > > HostConfiguration hostConfiguration =
> > > > > proxyClient.getHostConfiguration();
> > > > > hostConfiguration.setHost(host, port,
> > > > > httpClientProtocol);
> > > > > hostConfiguration.setProxy("proxy", 8085);
> > > > > NTCredentials credentials =
> > > > > getNTCredentials("domain\\user",
> > > > > "password","proxy");
> > > > >
> > > > > // Set the proxy credentials
> > > > > proxyClient.getState().setProxyCredentials(new
> > > > > AuthScope("proxy",
> > > > > -1), credentials);
> > > > >
> > > > > ProxyClient.ConnectResponse response =
> > > > > proxyClient.connect();
> > > > > if (response.getSocket() == null) {
> > > > > throw new IOException("Connection through proxy
> > > > > could not be opened");
> > > > > }
> > > > >
> > > > > return response.getSocket();
> > > > > </code_snip>
> > > > >
> > > > > However, the getSocket() method returns null, and on setting the log
> > > > > level to FINE, the last response from the Proxy says:
> > > > >
> > > > > <pre>
> > > > > HTTP/1.1 502 Proxy Error ( The specified Secure Sockets Layer (SSL)
> > > > > port is not allowed. ISA Server is not configured to allow SSL
> > > > > requests from this port. Most Web browsers use port 443 for SSL
> > > > > requests. )
> > > > > </pre>
> > > > >
> > > > > This problem is related to the ones discussed in the commons-user
> > > > > threads:
> > > > > http://mail-archives.apache.org/mod_mbox/jakarta-commons-user/200504.mbox/[EMAIL
> > > > > PROTECTED]
> > > > > and
> > > > > http://mail-archives.apache.org/mod_mbox/jakarta-commons-user/200504.mbox/[EMAIL
> > > > > PROTECTED]
> > > > > Any help in solving this would be great.
> > > > >
> > > > > Regards,
> > > > > Bindul
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
