Silly spellcheck operator (me).
archive = achieve
Sorry about my dismal spelling
Oleg
On Thu, May 12, 2005 at 04:32:33PM +0200, Oleg Kalnichevski wrote:
> Bindul,
>
> First off, what is it that you are trying to archive: download a file
> hosted on an FTP server via an HTTP proxy or tunnel arbitrary protocols
> via an HTTP proxy? HTTP proxies generally support two modes of
> operation: (1) forwarding requests on behalf of a client using a native
> protocol (proxy must natively support protocols in question) (2)
> tunneling arbitrary (often encrypted) data (the proxy does not have to
> support the protocol used). As it seems the MS proxy you are using has
> been configured to disallow tunneling on all ports other than 443 and
> 8443 for security reasons. At the same time the server can access FTP
> resources in the delegation mode. Depending on what you are trying to
> achieve I can recommend further actions to be taken
>
> Oleg
>
>
> On Thu, May 12, 2005 at 07:37:12PM +0530, Bindul Bhowmik (GMail) wrote:
> > Oleg,
> >
> > I still am not able to figure out the problem. The proxy server we use
> > is a Microsoft ISA server, which requires NTLM authentication.
> >
> > Could you please post the test code you have? Here is the one I am
> > using to get the socket:
> >
> > <code_snip>
> > private Socket getSocket(String host, int port) throws IOException {
> >
> > HostConfiguration hostConfiguration = new HostConfiguration();
> > ProxyClient proxyClient = new ProxyClient();
> >
> > // Proxy information
> > hostConfiguration.setProxy("proxyserver", 9999);
> > NTCredentials credentials = new NTCredentials("user",
> > "password",
> > "proxyserver", "domain");
> >
> > proxyClient.getState().setProxyCredentials(new
> > AuthScope("proxyserver", AuthScope.ANY_PORT, AuthScope.ANY_SCHEME),
> > credentials);
> >
> > Protocol ftpProtocol = new Protocol("ftp", new
> > DefaultProtocolSocketFactory(), 21);
> > hostConfiguration.setHost(host, port, ftpProtocol);
> >
> > proxyClient.setHostConfiguration(hostConfiguration);
> >
> >
> > ProxyClient.ConnectResponse connectResponse =
> > proxyClient.connect();
> >
> > if (connectResponse.getSocket() == null) {
> > throw new IOException("Could not connect through
> > proxy");
> > }
> >
> > return connectResponse.getSocket();
> > }
> > </code_snip>
> >
> > Bindul
> >
> > On 5/12/05, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
> > > Bindul,
> > >
> > > I tested ProxyClient with Squid 2.5 STABLE9 and it worked perfectly well
> > > for me:
> > >
> > > [DEBUG] header - ->> "CONNECT ftp.bluewin.ch:21 HTTP/1.1"
> > > [DEBUG] header - ->> "User-Agent: Jakarta Commons-HttpClient/3.0-rc2
> > > [\r][\n]"
> > > [DEBUG] header - ->> "Host: ftp.bluewin.ch:21[\r][\n]"
> > > [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> > > [DEBUG] header - ->> "[\r][\n]"
> > > [DEBUG] header - -<< "HTTP/1.0 407 Proxy Authentication Required
> > > [\r][\n]"
> > > [DEBUG] header - -<< "Server: squid/2.5.STABLE9[\r][\n]"
> > > [DEBUG] header - -<< "Mime-Version: 1.0[\r][\n]"
> > > [DEBUG] header - -<< "Date: Wed, 11 May 2005 20:22:56 GMT[\r][\n]"
> > > [DEBUG] header - -<< "Content-Type: text/html[\r][\n]"
> > > [DEBUG] header - -<< "Content-Length: 1303[\r][\n]"
> > > [DEBUG] header - -<< "Expires: Wed, 11 May 2005 20:22:56 GMT[\r][\n]"
> > > [DEBUG] header - -<< "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[\r][\n]"
> > > [DEBUG] header - -<< "Proxy-Authenticate: Basic realm="squid"[\r][\n]"
> > > [DEBUG] header - -<< "X-Cache: MISS from localhost.localdomain[\r][\n]"
> > > [DEBUG] header - -<< "Proxy-Connection: keep-alive[\r][\n]"
> > > [DEBUG] header - ->> "CONNECT ftp.bluewin.ch:21 HTTP/1.0"
> > > [DEBUG] header - ->> "User-Agent: Jakarta Commons-HttpClient/3.0-rc2
> > > [\r][\n]"
> > > [DEBUG] header - ->> "Proxy-Authorization: Basic c3F1aWQ6c3F1aWQ=
> > > [\r][\n]"
> > > [DEBUG] header - ->> "Host: ftp.bluewin.ch:21[\r][\n]"
> > > [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> > > [DEBUG] header - ->> "[\r][\n]"
> > > [DEBUG] header - -<< "HTTP/1.0 200 Connection established[\r][\n]"
> > > 220 195.186.6.165 FTP server ready
> > >
> > > Oleg
> > >
> > >
> > > On Wed, 2005-05-11 at 20:05 +0530, Bindul Bhowmik (GMail) wrote:
> > > > Oleg,
> > > >
> > > > I am not sure if I am missing something here. When I connect to a ftp
> > > > site using the browser, it uses the same proxy and tunnel (or am I
> > > > wrong?). Is there something else I need to do to go through the tunnel
> > > > and connect to an ftp site?
> > > >
> > > > If anyone is interested I could send the code I am using to get the
> > > > socket.
> > > >
> > > > - Bindul
> > > >
> > > > On 5/10/05, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
> > > > > Bindul,
> > > > >
> > > > > HTTP CONNECT (aka HTTP tunneling) has been primarily designed to
> > > > > enable
> > > > > secure (primarily SSL) connections via HTTP proxies, hence the error
> > > > > message. There's absolutely nothing that prevents other protocols from
> > > > > being tunneled in the same manner, provided the proxy is configured to
> > > > > allow outgoing connections to a particular port. My _guess_ this
> > > > > problem caused by the ISS configuration, rather than a bug in
> > > > > HttpClient
> > > > > or your code
> > > > >
> > > > > Oleg
> > > > >
> > > > > On Tue, May 10, 2005 at 09:57:58PM +0530, Bindul Bhowmik (GMail)
> > > > > wrote:
> > > > > > Oleg,
> > > > > >
> > > > > > The port here is 21. I get this from the configuration of the FTP
> > > > > > host
> > > > > > I have to connect to through the HTTP tunnel. I am not sure where
> > > > > > the
> > > > > > SSL port comes in from!
> > > > > >
> > > > > > FYI, the proxy we use is a Microsoft ISA server requiring NTLM
> > > > > > authentication. And except for
> > > > > > > > proxyClient.getState().setProxyCredentials(new
> > > > > > > > AuthScope("proxy",
> > > > > > > > -1), credentials);
> > > > > > the rest of the piece works fine with httpclient-2.0.2 and
> > > > > > HTTPClient
> > > > > > instead of ProxyClient, which we use to download files over HTTP in
> > > > > > the same application.
> > > > > >
> > > > > > I had to move to 3.0rc2 since ProxyClient or
> > > > > > HTTPConnection#getSocket() were not available in 2.0.2
> > > > > >
> > > > > > - Bindul
> > > > > >
> > > > > > On 5/10/05, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
> > > > > > > Bindul,
> > > > > > >
> > > > > > > > hostConfiguration.setHost(host, port, httpClientProtocol);
> > > > > > >
> > > > > > > What is the value of the port parameter? If it is not 443 are you
> > > > > > > sure
> > > > > > > the proxy has been configured to allow outgoing connections to
> > > > > > > that
> > > > > > > port?
> > > > > > >
> > > > > > > Oleg
> > > > > > >
> > > > > > > On Tue, May 10, 2005 at 08:41:05PM +0530, Bindul Bhowmik (GMail)
> > > > > > > wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I am trying to tunnel a FTP stream over an HTTP Tunnel proxy. I
> > > > > > > > am
> > > > > > > > trying to use the ProxyClient class of commons-client for that.
> > > > > > > > I am
> > > > > > > > using commons-net as my FTP Client, and have written an
> > > > > > > > implementation
> > > > > > > > of SocketFactory to be used for FTP connections over the Proxy.
> > > > > > > >
> > > > > > > > Inside my SocketFactory implementation, I am getting the socket
> > > > > > > > from
> > > > > > > > ProxyClient.ConnectResponse#getSocket() class. The code I use
> > > > > > > > is:
> > > > > > > >
> > > > > > > > <code_snip>
> > > > > > > > ProxyClient proxyClient = new ProxyClient();
> > > > > > > > HostConfiguration hostConfiguration =
> > > > > > > > proxyClient.getHostConfiguration();
> > > > > > > > hostConfiguration.setHost(host, port,
> > > > > > > > httpClientProtocol);
> > > > > > > > hostConfiguration.setProxy("proxy", 8085);
> > > > > > > > NTCredentials credentials =
> > > > > > > > getNTCredentials("domain\\user",
> > > > > > > > "password","proxy");
> > > > > > > >
> > > > > > > > // Set the proxy credentials
> > > > > > > > proxyClient.getState().setProxyCredentials(new
> > > > > > > > AuthScope("proxy",
> > > > > > > > -1), credentials);
> > > > > > > >
> > > > > > > > ProxyClient.ConnectResponse response =
> > > > > > > > proxyClient.connect();
> > > > > > > > if (response.getSocket() == null) {
> > > > > > > > throw new IOException("Connection through
> > > > > > > > proxy could not be opened");
> > > > > > > > }
> > > > > > > >
> > > > > > > > return response.getSocket();
> > > > > > > > </code_snip>
> > > > > > > >
> > > > > > > > However, the getSocket() method returns null, and on setting
> > > > > > > > the log
> > > > > > > > level to FINE, the last response from the Proxy says:
> > > > > > > >
> > > > > > > > <pre>
> > > > > > > > HTTP/1.1 502 Proxy Error ( The specified Secure Sockets Layer
> > > > > > > > (SSL)
> > > > > > > > port is not allowed. ISA Server is not configured to allow SSL
> > > > > > > > requests from this port. Most Web browsers use port 443 for SSL
> > > > > > > > requests. )
> > > > > > > > </pre>
> > > > > > > >
> > > > > > > > This problem is related to the ones discussed in the
> > > > > > > > commons-user
> > > > > > > > threads:
> > > > > > > > http://mail-archives.apache.org/mod_mbox/jakarta-commons-user/200504.mbox/[EMAIL
> > > > > > > > PROTECTED]
> > > > > > > > and
> > > > > > > > http://mail-archives.apache.org/mod_mbox/jakarta-commons-user/200504.mbox/[EMAIL
> > > > > > > > PROTECTED]
> > > > > > > > Any help in solving this would be great.
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Bindul
> > > > > > > >
> > > > > > > > ---------------------------------------------------------------------
> > > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > >
> > >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
