Article delegate-en/1027 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Tunneling through HTTP
19 Feb 2001 13:28:00 GMT James Johnston <>

I am facing the same problem.  Could you give me an example of how to do
this (tunneling applications through an HTTP proxy server that checks to make
sure of HTTP content)?  Security policy is not violated; however, we need to
keep down the open ports on the proxy.  This is a special case and does not
violate policy.  The Windows application opens custom TCP ports and cannot
be configured for a proxy server, so I need to figure out how to get this

Application --> DeleGate --> HTTP proxy that checks for HTTP content -->
Internet --> Another DeleGate server --> Destination host

James Johnston
E-mail:  johnston-james@bigfoot..

-- Message in "Tunneling Applications through HTTP"

Yes, the firewall checks that the traffic is HTTP. There is no issue about
violating security policy: the use is for a demo application and the setup
will be done by the firewall people. We want to try to minimize changes to
the firewall (such as opening ports) but instead set up the tunnel server
(remember the tunnel requires software on both sides of the firewall) and
then remove the servers by wiping the demo machines clean.

I would appreciate it if you could clarify your comment that DeleGate could be
set up: if you could send me a sample set of command lines to invoke DeleGate
or the control files etc., I would really appreciate it.


Amit Joshi

ysato/55:41 AM

Please respond to

cc:   Amit Joshi/LBI/Liberty
Subject:  Re: [DeleGate-En] Tunneling applications using HTTP

On 05/13/99(03:49) you wrote
in <_A445@delegate-en.ML_>
|I am trying to use delegate to setup a tunnel across a firewall that only
|permits http.
|What I want to do is the following:
|client <---generic tcp --->delegate <---http--->delegate<---generic
|where the client <-->server protocol is proprietary (actually structures
|passed over sockets) and the http part (between the two delegated processes)
|passing through one or more firewalls. This is the classic http tunnel problem.
|I tried various combinations but they don't work. If there is no
|requirement of http in the middle then the tcprelay option works.
Do you mean that your firewall checks not only whether the port
number in packets is 80 but also whether the content of a packet
is in the message formats of the HTTP protocol?
Even so I think you can configure cascaded DeleGates to tunnel
across such a firewall.  But I'm not sure whether or not such kind
of usage of DeleGate does not violate a security policy of a network...
