In the chrome logs (original: #144, new: #344), in the firefox logs #274 show a 407 response to the attempt to CONNECT to wave.eezysys.co.uk:443.
I would expect to possibly see a 407 once, at which stage the browser should then re-attempt the connection with the proxy credentials (as described here[1], but I see no attempts to authenticate. Does the actual page load in this situation? Do other secure sites load? Ali [1]: http://tmgblog.richardhicks.com/2011/08/29/access-to-the-web-proxy-filter-on-forefront-tmg-2010-is-denied/ On 25 September 2012 09:05, Ben Hegarty <heg...@gmail.com> wrote: > Hey Ali, > Was looking over the chrome capture and I'm not sure that the one below is > very clean so I performed it again... > > https://docs.google.com/open?id=0B5FF_Ld8SzsNWG5rd0d0UnZVQU0 > > Regards > hegsie > > On Tue, Sep 25, 2012 at 8:53 AM, Ben Hegarty <heg...@gmail.com> wrote: > >> Hey Ali, >> I've tested this again with firefox to no avail... >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNaGFVV2NabEd0RFU >> >> and with chrome... >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNdmw5aThEZXF1U0k >> >> Regards >> hegsie >> >> >> On Mon, Sep 24, 2012 at 9:19 PM, Ben Hegarty <heg...@gmail.com> wrote: >> >>> Ok, will do when I'm back behind the firewall tomorrow, I'll let you know >>> how it goes. >>> Cheers >>> >>> >>> On Monday, September 24, 2012, Ali Lown wrote: >>> >>>> If you would like to test it again now/tomorrow? >>>> >>>> It took a few hours longer than I expected because I had to stop and >>>> write a patch for Wave (and have dinner, and everything else) to make >>>> it work. >>>> >>>> This should have all traffic going over port 443, so if you check in >>>> Wireshark all you should see is some TLS traffic to 71.19.144.245. >>>> >>>> Ali >>>> >>>> On 24 September 2012 17:18, Ben Hegarty <heg...@gmail.com> wrote: >>>> > Whenever you get a chance to do that I'll be happy to retest :) >>>> > Thanks again >>>> > >>>> > On Mon, Sep 24, 2012 at 5:14 PM, Ali Lown <a...@lown.me.uk> wrote: >>>> > >>>> >> Yes, packet #46 because I try to make you connect over 9898. >>>> >> (This is because I have the configuration mis-setup, but didn't want >>>> >> to reboot the wave server to fix it). >>>> >> >>>> >> I can move it so that websockets goes over 443, then I will let you >>>> >> try again. (At which time it should work fine). >>>> >> >>>> >> On 24 September 2012 17:09, Ben Hegarty <heg...@gmail.com> wrote: >>>> >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNMnlmZkZWZWtEQ28 >>>> >> > >>>> >> > Looks like you're right there Ali I'm seeing port not allowed in >>>> the http >>>> >> > packets >>>> >> > Cheers >>>> >> > >>>> >> > On Mon, Sep 24, 2012 at 5:03 PM, Ali Lown <a...@lown.me.uk> wrote: >>>> >> > >>>> >> >> Yes. >>>> >> >> >>>> >> >> On 24 September 2012 17:01, Ben Hegarty <heg...@gmail.com> wrote: >>>> >> >> > Sure I can try there too, is it still set with the same dets? >>>> >> >> > Regards >>>> >> >> > >>>> >> >> > >>>> >> >> > On Mon, Sep 24, 2012 at 4:59 PM, Ali Lown <a...@lown.me.uk> >>>> wrote: >>>> >> >> > >>>> >> >> >> Extracting the data as raw bytes from the first Websocket >>>> response >>>> >> >> >> packet (#95) gives us the following HTML page (attached). >>>> >> >> >> >>>> >> >> >> So, it is _definitely_ an issue with your proxy server not >>>> >> >> >> understanding the Websockets. >>>> >> >> >> >>>> >> >> >> For more information on exactly how they work, a good article >>>> would >>>> >> >> >> be: http://lucumr.pocoo.org/2012/9/24/websockets-101/ >>>> >> >> >> "The protocol went through many iterations and basically had to >>>> be >>>> >> >> >> changed multiple times because of unforeseen security problems >>>> that >>>> >> >> >> came up with misbehaving proxies." seems to sum-up the problem. >>>> >> >> >> >>>> >> >> >> Ali >>>> >> >> >> >>>> >> >> >> NB: When you tried on my server (https://wave.eezysys.co.uk), >>>> I am >>>> >> >> >> less certain as to why it failed there given all the traffic is >>>> >> >> >> encrypted. (Unless your company proxy is terminating my SSL >>>> >> >> >> connection, performing DPI on the now-decrypted data, and then >>>> >> >> >> re-encrypting it before presenting it to you) >>>> >> >> >> Could you do a wireshark capture for that server as well? >>>> >> >> >> Actually, it might be because my server still tries to use a >>>> >> >> >> non-standard port for the websockets, and it is quite likely >>>> you have >>>> >> >> >> most outgoing ports blocked. >>>> >> >> >> >>>> >> >> >> On 24 September 2012 16:42, Ben Hegarty <heg...@gmail.com> >>>> wrote: >>>> >> >> >> > Hey Ali, >>>> >> >> >> > Basically I get 'A turbulance' after logging in and never go >>>> online >>>> >> >> and >>>> >> >> >> no >>>> >> >> >> > wave data is saved down, you just see 'Unsaved all the time'.. >>>> >> >> >> > I've uploaded the wireshark trace to the following location :) >>>> >> >> >> > >>>> >> >> >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNMm5oOGJXajlOV00 >>>> >> >> >> > >>>> >> >> >> > HTH >>>> >> >> >> > >>>> >>> >>> >>> -- >>> Mobile Phone: +447767-322-122 >>> Work Phone: +4420 79485612 >>> >>> >> >> >> -- >> Mobile Phone: +447767-322-122 >> Work Phone: +4420 79485612 >> >> > > > -- > Mobile Phone: +447767-322-122 > Work Phone: +4420 79485612
