Article delegate-en/3613 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3612@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: How to bypass an upstream proxy server?
24 Jan 2007 11:36:45 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


On 01/24/07(00:10) you pdqhabdyi-uqy4d4vpvhjr.ml@ml.delegate.org wrote
in <_A3612@delegate-en.ML_>
 |I guess our problem is easy to solve if I would know how to do it right... 
 |;-)
 |
 |The normal internet access in our company takes place about a proxy server 
 |with user login and password. This proxy server is located at a remote 
 |data center to which we have no access. Now some of our users must have 
 |access to a special https-site (https://www.grundbuch-sh.de/egbaks). This 
 |site uses a Java applet which is automatically downloaded if the user 
 |rights for the proxy server allow it. But for security reasons most of our 
 |users are not allowed to download software from the internet and so we 
 |have to look for another solution.
 |
 |This is where delegate was brought into play. Our idea is to use a special 
 |proxy user with download rights on our delegate server to connect to the 
 |data center proxy server and from there access the https-site. Our users 
 |would connect with the delegate proxy server and could not exploit the 
 |additional rights of the proxy user because the access is restricted to 
 |this special site.

So you are not bypassing the upstream proxy but automatically passing it.

 |Is that possible with delegate and if yes how? Right now we had no success 
 |with the different configurations we had tried and we're running out of 
 |ideas. Maybe someone with a little more experience can help us? :-)
 |
 |Our actual configuration:
 |
 |$DELEGATED_BIN \
 |        ADMIN="$MAIL" \
 |        SERVER=http \
 |        MYAUTH="user:password" \
 |        $PORT \
 |        MOUNT="/* https://www.grundbuch-sh.de/egbaks/*" \
 |        DGROOT="$DIR" \
 |        PERMIT="$PERMIT" \
 |        SSLTUNNEL="$SSLTUNNEL" \
 |        HTTPCONF="ver:1.1"
 |
 |Where:
 |
 |SSLTUNNEL="hostname.remoteproxy.datacenter.de:xxxx"
 |PORT="-P8083"
 |PERMIT="*:193.101.67.139:*.our.domain.name/@"

You need to specify inserting a SSL filter into the connection with ther
server as this:

  STLS=fsv

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V