Re: [squid-users] proxy.pac vs manual proxy + LiveLink

From: Donovan Baarda <abo@dont-contact.us>
Date: Sat, 10 Aug 2002 10:15:12 +1000

On Fri, Aug 09, 2002 at 09:30:24AM -0700, Deb wrote:
> Brett Lymn <blymn@baesystems.com.au> had this to say,
> > You can do this using a proxy.pac, if you want to make all https
> > traffic direct then just match the start of the URL string for "https"
> > and return "DIRECT" as the proxy method. If it is a single site that
> > is causing the pain then just match that site. Be wary of making the
> > proxy.pac too complex though, the thing gets evaluated on every URL
> > lookup so it may affect browser performance if it is too unwieldy.
>
> I don't want to send all https traffic DIRECT because I have
> a virus filter through which request/responses go to after
> the proxy and before the target.
>
> I can work around the problem by just matching the site, but
> that doesn't solve the real problem, and before I release the
> proxy to our entire Intranet usage, I need to understand what
> is happening and fix that in order to prevent similar future
> problems.
>
> I just don't know where to go from here.
>
> Help? Ideas? Anyone?

Run iptraf or tcpdump or whatever on the proxy machine or external gateway
machine and watch what happens for all of the following cases;

1) https to some other site that works using the proxy.
2) https to livelink using the proxy.
3) https to livelink going direct.

Things to look out for;

1) connections going back from livelink to the client browser on some other
port.
2) Any non-standard port activity.
3) any subtle differences between the 3 test cases.

The biggest problem with oddball sites like this is you end up going through
extraordinary loops to get them to work, usually having to compromise your
system by punching extra holes through your firewall etc.

In the end, your efforts to finally get their site to work only encourages
the site to keep doing its weird stuff.

I would contact livelink and explain the problem, asking them to explain or
fix it. If they don't, just firewall the b*stards off and tell your clients
that livelink is busted, complain to livelink.

-- 
----------------------------------------------------------------------
ABO: finger abo@minkirri.apana.org.au for more info, including pgp key
----------------------------------------------------------------------
Received on Fri Aug 09 2002 - 18:15:23 MDT
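
The three-case comparison suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` text output for each case, lists new connections opened by the server or to non-standard ports, and shows which destinations appear in one case but not another. The addresses, the port list and the sample captures are constructed assumptions.

```python
import re

# Assumed values, constructed for this example (not taken from the thread).
LIVELINK = "192.0.2.10"
STANDARD_PORTS = {80, 443, 3128}   # http, https, Squid's default listener

# Matches the default text output of `tcpdump -n` for IPv4 TCP packets.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def new_connections(capture):
    """Return the set of (src, dst, dport) for every initial SYN seen."""
    opened = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and m["flags"] == "S":      # SYN only; "S." is a SYN-ACK reply
            opened.add((m["src"], m["dst"], int(m["dport"])))
    return opened

def findings(capture, server=LIVELINK):
    """Connections coming back from the server, and non-standard ports."""
    out = []
    for src, dst, dport in sorted(new_connections(capture)):
        if src == server:
            out.append(f"call-back from server to {dst}:{dport}")
        elif dport not in STANDARD_PORTS:
            out.append(f"non-standard port {dst}:{dport} from {src}")
    return out

def only_in(case_a, case_b):
    """Destinations (dst, dport) opened in case_a but never in case_b."""
    dests = lambda c: {(d, p) for (_, d, p) in new_connections(c)}
    return sorted(dests(case_a) - dests(case_b))

# Constructed captures: client 10.0.0.5, proxy 10.0.0.1.
PROXY_CASE = """\
10:14:01.000001 IP 10.0.0.5.40000 > 10.0.0.1.3128: Flags [S], seq 1, win 5840, length 0
10:14:01.002001 IP 10.0.0.1.41000 > 192.0.2.10.443: Flags [S], seq 3, win 5840, length 0
"""
DIRECT_CASE = """\
10:15:12.000001 IP 10.0.0.5.40001 > 192.0.2.10.443: Flags [S], seq 1, win 5840, length 0
10:15:12.000901 IP 192.0.2.10.443 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, win 5792, length 0
10:15:13.100000 IP 10.0.0.5.40002 > 192.0.2.10.8443: Flags [S], seq 5, win 5840, length 0
10:15:14.200000 IP 192.0.2.10.51000 > 10.0.0.5.2099: Flags [S], seq 7, win 5840, length 0
"""

if __name__ == "__main__":
    print(findings(DIRECT_CASE), only_in(DIRECT_CASE, PROXY_CASE))
```

Anything `only_in` reports for the direct case is traffic the proxied path never carried, which is where to look before opening any extra firewall holes.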
