Fwd: Using a Pac File to redirect https requests.

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Fwd: Using a Pac File to redirect https requests.

Sindhu
Hi,

I am trying to use a PAC file to redirect http / https requests.

The following function works for a http request but it throws an
NS_ERROR_UNKNOWN_PROXY_HOST error for* https* requests.

function FindProxyForURL(url, host) {
return "PROXY x.x.x.x;"
}

And if i change the function to :

function FindProxyForURL(url, host) {
return "PROXY x.x.x.x:443;"
}

it throws NS_ERROR_NET_RESET error.

Is it possible to redirect https requests through a PAC file? Or is there
any other way to achieve this?



---------- Forwarded message ----------
From: Patrick McManus <[hidden email]>
Date: 2 July 2014 20:15
Subject: Re: Using a Pac File to redirect https requests.
To: Sindhu <[hidden email]>
Cc: [hidden email]


you can use a PAC file to route all http and https generated by gecko.
https will of course be tunneled through the proxy using CONNECT because it
needs to be end to end for appropriate security.

e.g.

function FindProxyForURL(url, host) {
return "PROXY localhost:2443;"
}

dev-tech-network is probably the right place to followup to get the right
visibility - you should supply the pac file there.



On Wed, Jul 2, 2014 at 1:12 AM, Sindhu <[hidden email]> wrote:

> Hi,
>
> I have an extension which uses a PAC file to redirect particular requests
> to a proxy server. But this doesn't working for any *https *request.
> Firefox always uses a DIRECT connection for https requests. Is there any
> way to redirect https requests using a PAC file? Or is there any other way
> to achieve this?
>
> Sindhu Simhadri
>
> _______________________________________________
> firefox-dev mailing list
> [hidden email]
> https://mail.mozilla.org/listinfo/firefox-dev
>
>
_______________________________________________
dev-tech-network mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-network
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using a Pac File to redirect https requests.

Patrick McManus
Hi Sindhu - I I believe we have a confusion in terminology.

I believe that you are trying to proxy over TLS (or some people call it
proxy over https) - not that you are having trouble proxing https:// urls.
Is that correct?

proxying https urls should work just fine with your original configuration
- the https request will be tunneled through the proxy using the CONNECT
method and thus be opaque to the proxy, but it will be routed through it.

If you would like to proxy http:// and or https:// using an https
/TLSconnection to the proxy then you need a new feature that is on firefox
32 and newer. That's currently the aurora channel.

To use that the pac file would look like

function FindProxyForURL(url, host) {
return "HTTPS localhost:2443;"
}

Note that https:// urls will still be routed through the connect method at
the proxy. If you are trying to see the contents of the https transaction
at the proxy that is not possible - https:// urls are encrypted end to end.

hope that helps.

-Patrick


On Tue, Jul 8, 2014 at 1:55 AM, Sindhu <[hidden email]> wrote:

> Hi,
>
> I am trying to use a PAC file to redirect http / https requests.
>
> The following function works for a http request but it throws an
> NS_ERROR_UNKNOWN_PROXY_HOST error for* https* requests.
>
> function FindProxyForURL(url, host) {
> return "PROXY x.x.x.x;"
> }
>
> And if i change the function to :
>
> function FindProxyForURL(url, host) {
> return "PROXY x.x.x.x:443;"
> }
>
> it throws NS_ERROR_NET_RESET error.
>
> Is it possible to redirect https requests through a PAC file? Or is there
> any other way to achieve this?
>
>
>
> ---------- Forwarded message ----------
> From: Patrick McManus <[hidden email]>
> Date: 2 July 2014 20:15
> Subject: Re: Using a Pac File to redirect https requests.
> To: Sindhu <[hidden email]>
> Cc: [hidden email]
>
>
> you can use a PAC file to route all http and https generated by gecko.
> https will of course be tunneled through the proxy using CONNECT because it
> needs to be end to end for appropriate security.
>
> e.g.
>
> function FindProxyForURL(url, host) {
> return "PROXY localhost:2443;"
> }
>
> dev-tech-network is probably the right place to followup to get the right
> visibility - you should supply the pac file there.
>
>
>
> On Wed, Jul 2, 2014 at 1:12 AM, Sindhu <[hidden email]> wrote:
>
> > Hi,
> >
> > I have an extension which uses a PAC file to redirect particular requests
> > to a proxy server. But this doesn't working for any *https *request.
> > Firefox always uses a DIRECT connection for https requests. Is there any
> > way to redirect https requests using a PAC file? Or is there any other
> way
> > to achieve this?
> >
> > Sindhu Simhadri
> >
> > _______________________________________________
> > firefox-dev mailing list
> > [hidden email]
> > https://mail.mozilla.org/listinfo/firefox-dev
> >
> >
> _______________________________________________
> dev-tech-network mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-network
>
_______________________________________________
dev-tech-network mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-network
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using a Pac File to redirect https requests.

Sindhu
Hi Patrick,

Yes, you are right. I am trying to proxy over TLS.
I want to clarify one thing though. Is the port number in the return
statement 2443 or 443?
I tried using both(with the aurora build) and I faced issues with both.
With 2443 the page remains in a connecting state( I assume there is no
process listening on 2443) and with 443 I get the ns_error_unknown_host
error(though I'm able to connect to the domain without using a pac file).
The pac file I am using looks like this:

function FindProxyForURL(url,host) {
if(shExpMatch(host, "^www\.abc\.com$")){
var new_ip=dnsResolve("origin-www.abc.com");
  var proxyval = "HTTPS "+new_ip+":443;";
return proxyval;
}
}

  I can also send the http logs if that would help.

Sindhu Simhadri


On 8 July 2014 18:02, Patrick McManus <[hidden email]> wrote:

> Hi Sindhu - I I believe we have a confusion in terminology.
>
> I believe that you are trying to proxy over TLS (or some people call it
> proxy over https) - not that you are having trouble proxing https://
> urls. Is that correct?
>
> proxying https urls should work just fine with your original configuration
> - the https request will be tunneled through the proxy using the CONNECT
> method and thus be opaque to the proxy, but it will be routed through it.
>
> If you would like to proxy http:// and or https:// using an https
> /TLSconnection to the proxy then you need a new feature that is on firefox
> 32 and newer. That's currently the aurora channel.
>
> To use that the pac file would look like
>
> function FindProxyForURL(url, host) {
> return "HTTPS localhost:2443;"
> }
>
> Note that https:// urls will still be routed through the connect method
> at the proxy. If you are trying to see the contents of the https
> transaction at the proxy that is not possible - https:// urls are
> encrypted end to end.
>
> hope that helps.
>
> -Patrick
>
>
> On Tue, Jul 8, 2014 at 1:55 AM, Sindhu <[hidden email]> wrote:
>
>> Hi,
>>
>> I am trying to use a PAC file to redirect http / https requests.
>>
>> The following function works for a http request but it throws an
>> NS_ERROR_UNKNOWN_PROXY_HOST error for* https* requests.
>>
>>
>> function FindProxyForURL(url, host) {
>> return "PROXY x.x.x.x;"
>> }
>>
>> And if i change the function to :
>>
>> function FindProxyForURL(url, host) {
>> return "PROXY x.x.x.x:443;"
>> }
>>
>> it throws NS_ERROR_NET_RESET error.
>>
>> Is it possible to redirect https requests through a PAC file? Or is there
>> any other way to achieve this?
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Patrick McManus <[hidden email]>
>> Date: 2 July 2014 20:15
>> Subject: Re: Using a Pac File to redirect https requests.
>> To: Sindhu <[hidden email]>
>> Cc: [hidden email]
>>
>>
>> you can use a PAC file to route all http and https generated by gecko.
>> https will of course be tunneled through the proxy using CONNECT because
>> it
>> needs to be end to end for appropriate security.
>>
>> e.g.
>>
>> function FindProxyForURL(url, host) {
>> return "PROXY localhost:2443;"
>> }
>>
>> dev-tech-network is probably the right place to followup to get the right
>> visibility - you should supply the pac file there.
>>
>>
>>
>> On Wed, Jul 2, 2014 at 1:12 AM, Sindhu <[hidden email]> wrote:
>>
>> > Hi,
>> >
>> > I have an extension which uses a PAC file to redirect particular
>> requests
>> > to a proxy server. But this doesn't working for any *https *request.
>>
>> > Firefox always uses a DIRECT connection for https requests. Is there any
>> > way to redirect https requests using a PAC file? Or is there any other
>> way
>> > to achieve this?
>> >
>> > Sindhu Simhadri
>> >
>> > _______________________________________________
>> > firefox-dev mailing list
>> > [hidden email]
>> > https://mail.mozilla.org/listinfo/firefox-dev
>> >
>> >
>> _______________________________________________
>> dev-tech-network mailing list
>> [hidden email]
>> https://lists.mozilla.org/listinfo/dev-tech-network
>>
>
>
_______________________________________________
dev-tech-network mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-network
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using a Pac File to redirect https requests.

Patrick McManus
The port number is the number of the port that the proxy is listening on in
your config - in mine that was 2443. For you it looks like 443.

You are probably having a problem authenticating that host, given that you
are using an IP address for it.. TLS requires a certificate witha matching
hostname chained to a CA in the trust store. So I recommend

return "HTTPS origin-www.abc.com:443;"

and then the proxy will need a signed cert for that name.


On Fri, Jul 11, 2014 at 7:39 AM, Sindhu <[hidden email]> wrote:

> Hi Patrick,
>
> Yes, you are right. I am trying to proxy over TLS.
> I want to clarify one thing though. Is the port number in the return
> statement 2443 or 443?
> I tried using both(with the aurora build) and I faced issues with both.
> With 2443 the page remains in a connecting state( I assume there is no
> process listening on 2443) and with 443 I get the ns_error_unknown_host
> error(though I'm able to connect to the domain without using a pac file).
> The pac file I am using looks like this:
>
> function FindProxyForURL(url,host) {
> if(shExpMatch(host, "^www\.abc\.com$")){
> var new_ip=dnsResolve("origin-www.abc.com");
>   var proxyval = "HTTPS "+new_ip+":443;";
> return proxyval;
> }
> }
>
>   I can also send the http logs if that would help.
>
> Sindhu Simhadri
>
>
> On 8 July 2014 18:02, Patrick McManus <[hidden email]> wrote:
>
>> Hi Sindhu - I I believe we have a confusion in terminology.
>>
>> I believe that you are trying to proxy over TLS (or some people call it
>> proxy over https) - not that you are having trouble proxing https://
>> urls. Is that correct?
>>
>> proxying https urls should work just fine with your original
>> configuration - the https request will be tunneled through the proxy using
>> the CONNECT method and thus be opaque to the proxy, but it will be routed
>> through it.
>>
>> If you would like to proxy http:// and or https:// using an https
>> /TLSconnection to the proxy then you need a new feature that is on firefox
>> 32 and newer. That's currently the aurora channel.
>>
>> To use that the pac file would look like
>>
>> function FindProxyForURL(url, host) {
>> return "HTTPS localhost:2443;"
>> }
>>
>> Note that https:// urls will still be routed through the connect method
>> at the proxy. If you are trying to see the contents of the https
>> transaction at the proxy that is not possible - https:// urls are
>> encrypted end to end.
>>
>> hope that helps.
>>
>> -Patrick
>>
>>
>> On Tue, Jul 8, 2014 at 1:55 AM, Sindhu <[hidden email]> wrote:
>>
>>> Hi,
>>>
>>> I am trying to use a PAC file to redirect http / https requests.
>>>
>>> The following function works for a http request but it throws an
>>> NS_ERROR_UNKNOWN_PROXY_HOST error for* https* requests.
>>>
>>>
>>> function FindProxyForURL(url, host) {
>>> return "PROXY x.x.x.x;"
>>> }
>>>
>>> And if i change the function to :
>>>
>>> function FindProxyForURL(url, host) {
>>> return "PROXY x.x.x.x:443;"
>>> }
>>>
>>> it throws NS_ERROR_NET_RESET error.
>>>
>>> Is it possible to redirect https requests through a PAC file? Or is there
>>> any other way to achieve this?
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Patrick McManus <[hidden email]>
>>> Date: 2 July 2014 20:15
>>> Subject: Re: Using a Pac File to redirect https requests.
>>> To: Sindhu <[hidden email]>
>>> Cc: [hidden email]
>>>
>>>
>>> you can use a PAC file to route all http and https generated by gecko.
>>> https will of course be tunneled through the proxy using CONNECT because
>>> it
>>> needs to be end to end for appropriate security.
>>>
>>> e.g.
>>>
>>> function FindProxyForURL(url, host) {
>>> return "PROXY localhost:2443;"
>>> }
>>>
>>> dev-tech-network is probably the right place to followup to get the right
>>> visibility - you should supply the pac file there.
>>>
>>>
>>>
>>> On Wed, Jul 2, 2014 at 1:12 AM, Sindhu <[hidden email]> wrote:
>>>
>>> > Hi,
>>> >
>>> > I have an extension which uses a PAC file to redirect particular
>>> requests
>>> > to a proxy server. But this doesn't working for any *https *request.
>>>
>>> > Firefox always uses a DIRECT connection for https requests. Is there
>>> any
>>> > way to redirect https requests using a PAC file? Or is there any other
>>> way
>>> > to achieve this?
>>> >
>>> > Sindhu Simhadri
>>> >
>>> > _______________________________________________
>>> > firefox-dev mailing list
>>> > [hidden email]
>>> > https://mail.mozilla.org/listinfo/firefox-dev
>>> >
>>> >
>>> _______________________________________________
>>> dev-tech-network mailing list
>>> [hidden email]
>>> https://lists.mozilla.org/listinfo/dev-tech-network
>>>
>>
>>
>
_______________________________________________
dev-tech-network mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-network
Loading...