We have a Squid proxy set up on Windows Server with the NTLM authentication helper (mswin_ntlm_auth).
WinHTTP authentication as described in https://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx is not getting passed, and the server is returning 407 even after passing correct credentials.
Setting WINHTTP_OPTION_AUTOLOGON_POLICY to LOW also does not self-authenticate.
The Squid logs show:
mswin_ntlm_auth[3384]: sending 'NA Got authentication request instead of negotiate request' to squid
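The helper's message says it received an NTLM authenticate message where it expected a negotiate message. The following diagnostic is an added example, not part of the original post: it decodes the NTLM tokens from Proxy-Authorization / Proxy-Authenticate header values captured on one TCP connection and reports the first message that is out of order. The function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_message_type(header_value):
    """Name the NTLM message in a header value; None if the value carries no NTLM token."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None  # other scheme, or the bare "NTLM" offer in the first 407
    try:
        blob = base64.b64decode(token, validate=True)
    except ValueError:
        return "MALFORMED"
    # Every NTLM message starts with "NTLMSSP\0" and a little-endian 32-bit type.
    if len(blob) < 12 or blob[:8] != b"NTLMSSP\x00":
        return "MALFORMED"
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    return NTLM_TYPES.get(msg_type, "MALFORMED")

def first_violation(trace):
    """trace: header values in wire order for ONE connection (NTLM is bound to the connection)."""
    expected = ["NEGOTIATE", "CHALLENGE", "AUTHENTICATE"]
    seen = [name for name in map(ntlm_message_type, trace) if name]
    for position, (got, want) in enumerate(zip(seen, expected), start=1):
        if got != want:
            return f"message {position}: got {got}, expected {want}"
    return None

def sample(msg_type):
    """Constructed token (signature, type, zeroed flags); not a capture from the setup above."""
    body = b"NTLMSSP\x00" + struct.pack("<II", msg_type, 0)
    return "NTLM " + base64.b64encode(body).decode()

if __name__ == "__main__":
    print(first_violation(["NTLM", sample(1), sample(2), sample(3)]))  # valid order
    print(first_violation([sample(3)]))  # the situation the helper log describes
```

Feed it the header values from a proxy-side packet capture or debug log, one connection at a time.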
A different thread pointed out a couple of services that would require a client MTLS certificate, accept any cert, and then respond with information about the SSL handshake/certs.
HTTPS test server that checks client certificates
These endpoints both return HTML. Does anyone know of anything similar that returns application/json?
The URLs below will return application/json content upon successful mutual TLS client certificate authentication. If no authentication is performed, then HTTP error 403 is returned in the HTTP headers and the response is empty:
https://certauth.idrix.fr/json (TLS 1.2 only)
https://certauth.cryptomix.com/json (TLS 1.2 and TLS 1.3)
The JSON returned in case of success contains various technical information about the established connection.
Can the proxy server intercept my HTTPS request and set cookies before actually sending the request?
I'm doing a GET on a URL from the Chrome browser. In the development tools, under "Network", I noticed that the first request, the one that I made, has cookies set, but I did not set any cookies.
Any thoughts?
No, it can't. To proxy HTTPS requests your browser issues an HTTP CONNECT command (https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT). The proxy then creates a tunnel between the browser and a target server.
A conventional proxy can neither view nor manipulate a TLS-encrypted data stream, so a CONNECT request simply asks the proxy to open a pipe between the client and server. The proxy here is just a facilitator - it blindly forwards data in both directions without knowing anything about the contents. The negotiation of the TLS connection happens over this pipe, and the subsequent flow of requests and responses is completely opaque to the proxy.
It cannot modify or see what is being transferred as it is protected by TLS encryption.
The only way to modify HTTPS connections on the fly is if you install some external CA certificates on your computer. This is known as a MITM attack.
I want the WSO2 API Store to be accessed over HTTP instead of HTTPS.
Is there any way that we can disable HTTPS?
For now, what I have done is remove the redirect from HTTP to HTTPS in the Tomcat server.xml. Calling add user works, and I can see that when I call login.jag to authorize the user it is making the session. But after calling pages like list-apis.jag, I am getting null in the session. That means add user / login are using HTTPS and the other pages are using HTTP, and in that case the session is removed when switching to HTTP. Is there any way to sort out this issue?
You can use a proxy server or HTTP server (nginx) to front API Manager and do a URL redirection.
We have a C/S model program, and users use the client to connect to our server. But some company users surf the Internet via an HTTP proxy server (not a SOCKS4 or SOCKS5 proxy server). In this case, we need to provide a feature to set the client's proxy server (just like some other software). If we do so, we would have to package our original data into the HTTP protocol. So I want to know:
Is this method OK? Or is there some other, better method to solve the problem?
If we do so, can our server send data to the client on its own initiative?
Do you know how other released software that has a proxy server setting deals with this problem?
That is not how HTTP proxies work. You do not have to re-package your existing data as HTTP. All you need to do is:
Connect to the HTTP proxy port, and send it an HTTP CONNECT request specifying the host/IP and port to connect to, e.g.:
CONNECT hostname:port HTTP/1.0
User-agent: MyApp
If the proxy requires authentication, you can also provide a Proxy-authorization header containing the encoded credentials as needed, e.g.:
CONNECT hostname:port HTTP/1.0
User-agent: MyApp
Proxy-authorization: basic dGVzdDp0ZXN0
If the proxy accepts the request and is successful in connecting to the requested host, it will send back an HTTP 200 reply, e.g.:
HTTP/1.0 200 Connection established
Proxy-agent: ProxyApp/1.1
You can now send and receive your data as you were already doing before, and the proxy will pass the data as-is between the client and the host in both directions. You do not have to change any code logic other than to establish the proxy connection.
See Tunneling TCP based protocols through Web proxy servers for more details.
This process is similar to the way other proxy protocols work, like SOCKS. The client connects to the proxy, requests a connection to the server host, and then the client and server pass data back and forth as if the proxy were not present.
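The CONNECT exchange from the answer above, as an added example that is not part of the original post: the client sends the request with optional Basic credentials, reads the reply header without consuming tunnelled bytes, and treats anything other than 200 as a refusal. `open_tunnel`, `read_head`, `toy_proxy` and `demo` are hypothetical names; `toy_proxy` is a constructed loopback stand-in that checks the header and then echoes upper-cased bytes in place of relaying to a real host.

```python
import base64, socket, threading

def read_head(sock):
    """Read up to the blank line one byte at a time, so no tunnelled bytes are consumed."""
    buf = b""
    while not buf.endswith(b"\r\n\r\n"):
        byte = sock.recv(1)
        if not byte:
            raise ConnectionError("peer closed during the proxy handshake")
        buf += byte
    return buf.decode("ascii").split("\r\n")

def open_tunnel(proxy, host, port, credentials=None):
    """Client side: send CONNECT (optionally with Basic credentials) and check the reply."""
    sock = socket.create_connection(proxy, timeout=5)
    request = [f"CONNECT {host}:{port} HTTP/1.0", "User-agent: MyApp"]
    if credentials:
        request.append("Proxy-authorization: basic " + base64.b64encode(credentials).decode())
    sock.sendall(("\r\n".join(request) + "\r\n\r\n").encode("ascii"))
    status = int(read_head(sock)[0].split()[1])
    if status != 200:
        sock.close()
        raise PermissionError(status)  # e.g. 407: credentials missing or rejected
    return sock  # from here on, a plain byte pipe to host:port

def toy_proxy(listener, expected="Proxy-authorization: basic dGVzdDp0ZXN0"):
    """Constructed stand-in for a proxy: accepts only test:test, then echoes upper-cased."""
    while True:
        client, _ = listener.accept()
        ok = expected in read_head(client)
        client.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n" if ok
                       else b"HTTP/1.0 407 Proxy Authentication Required\r\n\r\n")
        if ok:
            client.sendall(client.recv(4096).upper())
        client.close()

def demo():
    """Run the client against the stand-in; returns (bytes via tunnel, refusal status)."""
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=toy_proxy, args=(listener,), daemon=True).start()
    proxy = listener.getsockname()
    tunnel = open_tunnel(proxy, "hostname", 9000, credentials=b"test:test")
    tunnel.sendall(b"raw application bytes")  # unchanged application protocol
    reply = tunnel.recv(4096)
    tunnel.close()
    try:
        open_tunnel(proxy, "hostname", 9000)  # no credentials: expect a refusal
    except PermissionError as err:
        return reply, err.args[0]
```

Calling `demo()` returns the bytes that came back through the tunnel and the status of the unauthenticated attempt.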
I am getting the below exception when I invoke a JAX-WS web service from my application deployed in WebSphere Application Server 6.1:
SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=yyy.com, OU=For Intranet Use Only, OU=Web Hosting, O=xx, L=xx, ST=xx, C=xx" was sent from target host:port "*:9445". The signer may need to be added to local trust store "F://../trust.p12" . The extended error message from the SSL handshake exception is: "No trusted certificate found".
The endpoint URL has https.
With the same endpoint URL I am able to get a response from SOAP UI (tool) without any certificate configuration etc.
Could you help me on this ?
I finally was able to fix this small issue. The server certificate needs to be added to the WebSphere app server truststore. This can be done from the admin console of WebSphere by providing the server domain and port.