In message <_A3146@delegate-en.ML_> on 03/08/06(22:46:41)
you "Raphael Turbatte" <firstname.lastname@example.org> wrote:
|I launched Delegate in detailed logging mode to check what was
|happening, then launched Internet Explorer and tried to go to
|www.about.com . Here is an extract of what I found in the log (I
|removed the timestamp part to make it easier to read):
|* HTTP Relay_request_head (26 bytes/2 lines)
|* Proxy: host=localhost; User-Agent: ; DIRECT
|* HTTP Relay_request done (26 bytes/2 lines)
|* REQUEST - CONNECT www.about.com:80 HTTP/1.1^M
|* ImMaster? 0 <http://-:80> <http://www.about.com:80/>
|* To another server or proxy, THRU >>> www.about.com:80 HTTP/1.1^M
|* REMOTE > CONNECT www.about.com:80 HTTP/1.1^M
|* TMPFILE(regGetResolvConf) = (26) C:/Program
|* *** gethostbyname(www.about.com): www.about.akadns.net / 0.01 secs.
|* not PERMITTED_PAIR
|* PERMITTED: https://www.about.com
|* ClosedOnTimeout(0): time=1141824397/1141824427 ppid=3352/3352 pid=1544/1544
|* StickyServer done [httpCONNECT] 2 req / 1 conn / 0 sec
|* ====> NO CONNECT was specified for: www.about.com:localhost
|* ConnectToServer connect https://www.about.com:80
|The log shows "not PERMITTED_pair" when the connect request is sent
|and then shows that Delegate transforms the request into https instead
|of http, it seems.
There is no transformation achieved, but DeleGate represents the permission
of "CONNECT" method with protocol name "https" in historical reason.
You should have seen that the connection is made to the server without
forbidden by DeleGate, in the remaining part of the LOGFILE.
The question is why the client is retrying with CONNECT method to connect
the server, reacting to 307? response.
What is the User-Agent in this case?
|Strangely enough, my config file has nearly no restrictions on that part:
To see what is the problem, it will helpful to inspect the sequence of
requests and responses including:
1) the original request toward the upstream proxy
2) the response from the upstream proxy (with 307 code?)
3) the second request sent from the client
4) the second response from the upstream proxy
These can be peeped with the following parameters:
If the response code is not 307 but is 407 with "Proxy-Authencication",
it simply represents that the upstream proxy requires Proxy authentication.
Proxy authentication will be done like follows:
HTTPCONF="add-qhead:Proxy-Authorization: Basic XXXX"
XXXX is the Base64 string of "username:passWord" which should be
shown in your LOGFILE, or the output of the following command
echo -n "userName:passWord" | delegated -FenMime -b
D G Yutaka Sato <email@example.com> http://delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller