Closed
Bug 27802
Opened 25 years ago
Closed 25 years ago
PAC: using a complex proxy .pac file fails silently, no crash
Categories
(Core :: Networking, defect, P3)
Tracking
()
M17
People
(Reporter: jahf, Assigned: gagan)
Details
(Keywords: crash, Whiteboard: [NEED INFO]3d(guess))
From Bug Helper:
User-Agent: Mozilla/4.7 [en] (Win98; U)
BuildID: 2000012520
I'm using a complex .pac file to 1) connect through my local squid if I'm at
home ... 2) connect directly if I'm not at home ... 3) connect via local
SSH-enabled IP tunnels for our internal network at the home office ... the
javascript (see the additional details for the actual code) doesn't give me a
warning, but none of my proxies work in SeaMonkey. I wrote the script for
Netscape 4.7 where it works -beautifully- ... perhaps the .pac functionality is
not yet 100% with SeaMonkey or perhaps I'm using a javascript function that
isn't in SeaMonkey (yet?).
Reproducible: Always
Steps to Reproduce:
1. copy the .pac file ...
2. setup SSH port-forwarding as described (you'll have to substitute my
domain/addresses/whatever to get a working test)
3. install the .pac file and configure seamonkey accordingly
Actual Results: Nothing ... I can still browse normally, everything is a direct
connection though.
Expected Results: I should be going through my Squid cache for everything
except pages inside the firewall at cobalt.com ... I don't go through Squid and
I can't use the SSH tunnels
/Geoff
Additional: Here's the instructions I wrote for using the code with Communicator
4.7 and the code itself. If it word wraps just email me via jahf@yahoo.com and
I'll send it via an attachment.
Viewing Internal Cobalt Webs without PPTP VPN
... Geoff Baysinger (geoff@cobalt.com)
... 2/15/2000
I. Purpose:
A. To create a secure method of view web pages on the internal Cobalt
LAN from an internet connection.
B. Specifically, to remove the need for the PPTP VPN (which for some of
us doesn't always work well [NAT] or is a bit scary [light encryption])
C. This is geared for the Windows crowd. Linux users probably have this
all taken care of, but if not it should point you in the right directions.
D. There is no implied warranty, support or help in this document ...
please consult your nearest SSH/Proxy fiend if you need more help ... if they
love you and read this document they should get it.
II. Required Parts:
A. SecureCRT (or another SSH client that can do port forwarding)
B. Netscape 4.X
1. Specifically, must support Proxy AutoConfiguration files
(.pac) and the Javascript RegExp functions
2. IE 4.X theoretically will work, I don't use it so you're on
your own if you do.
C. An Internet connection (should work from anywhere including behind a
NAT box)
D. A login account on "[deleted].cobalt.com"
III. Setting things up:
A. Setup your SSH portforwarding ... in SecureCRT 3.0 you would:
1. Create a profile for "[deleted].cobalt.com" using SSH1
2. Edit the properties for "[deleted].cobalt.com"'s profile
a. go to "Connection"
b. click "Advanced"
c. go to "Port Forwarding"
d. click "New"
e. "Local Port" = 8000
f. "Remote Hostname" = deleted1.cobalt.com
g. "Remote Port" = 80
h. click "Save"
i. repeat steps III.A.2.d - III.A.2.h for the following:
0) [local port] [remote hostname] [remote
port]
1) 8010 deleted2.cobalt.com
80
2) 8011 deleted3.cobalt.com
85
3) 8020 deleted4.cobalt.com
80
4) 8021 deleted5.cobalt.com
80
B. Create the Proxy AutoConfiguration (.pac) file
1. Make a directory called "C:\cobalt\proxy\"
2. Save the text from item VI. (below) to a new file
"C:\cobalt\proxy\ssh.pac"
C. Tell Netscape to use the "ssh.pac" file
1. Run Netscape
2. Go to "edit/preferences/advance/proxies"
3. click "Automatic proxy configuration Configuration location
(URL:)" (say that 10 times in a row)
4. enter "file:///c|/cobalt/proxy/ssh.pac"
5. click "OK"
IV. Testing it out:
1. Make sure that SecureCRT (or whatever your port-forwarding SSH client
is) is connected to [deleted].cobalt.com
2. Make sure Netscape is running
3. Go to "http://www.netscape.com/" (just to make sure it's working
-normally-)
4. Try to go to "http://[deleted].cobalt.com/"
1. If it works, you will reach the "Cobalt Engineering Home
Page" at 'http://[deleted].cobaltnet.com/[deleted]'
2. If it fails you will see your browser timeout or it will say
"Connection Refused".
V. Gotchas
1. If it doesn't work, it's not supported
2. If it does work, it's not supported
3. If your computer happens to have an IP address in the range of
192.168.100.X it will try to use my Squid-based AdZapping web cache (you may be
prompted for a username/login if you have a NAT box and it connects to my
cache). If this is the case you will need to hunt down the section in the
Javascript that does this and change "192.168.100.0" to be something other than
your LAN IP addresses.
4. SecureCRT disconnects after a certain timeout is reached (anyone have
a recommendation on automating a keep-alive that won't interfere with the
session?)
5. There's no way to make SecureCRT run automatically only when you are
going to a Cobalt page in your web browser ... since you have to manually make 2
connections to use PPTP, this isn't such a big deal.
6. If you need to go to a server that I didn't map for you, you will
need to edit the Javascript and add a new port forwarding. I tried to comment
the code well enough that this shouldn't be a big problem.
VI. Code (everything below this should be saved as "c:\cobalt\proxy\ssh.pac"
//
// Geoff's Automatic Proxy Configurator
//
// ... Version 20000215-1.0
//
// ... barely based on http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.2
// which was in turn based on information from
// Oskar Pearson and the Internet Solution (http://www.is.co.za)
//
// The purpose of this file is to ... automatically go through proxies
// for certain URLs, but not for others. This allows us to combine with
// SSH to securely view pages on the Cobalt LAN.
//
// Additionally, if we are connected via the aDSL line at home and are
// on the 192.168.100.X network then we should go through the Squid
// AdZapper running on the Qube2.
//
// Relies heavily on the Javascript RegExp functions ... might be (much)
// more slim'n'trim if I'd use substring and indexOf but this is a 4 hour
// hack job and it's 4am. If you want to work on improving the coding
// please send me modifications. Not sure if I'm going to run into
// Javascript crashes because of this ... I don't think .pac files
// were intended to be this complicated :)
//
// All internal cobalt URLs go through a proxy that is tunnelled and
// port-forwarded via an SSH connection to [deleted].cobalt.com. This is
// facilitated by SecureCRT.
//
// SecureCRT/SSH Port-forwarding:
// ... Start at port 8000
// ... Designated 10 ports per machine
// ... Example:
// 1) port 8020 goes to deleted4.cobalt.com:80
// 2) port 8021 goes to deleted5.cobalt.com:81
// 3) ports 8022-8029 are reserved for future ports on deleted.cobalt.com
// ... Map (built via an Array):
// DON'T EDIT THE NEXT 4 LINES ...
var CobaltPrivate = new Array();
CobaltPrivate["Map"] = new Array(
// edit lines that look like:
// "[host]:[port];[SSH port]",
// BEGIN EDITING HERE:
"deleted1:80 ; 8000",
"deleted2:80 ; 8010",
"deleted3:85 ; 8011",
"deleted4:80 ; 8020",
"deleted5:81 ; 8021",
// : HERE ENDS EDITING
// NO END-USER SERVICEABLE CODE BEYOND THIS POINT!
// next line blank ... I always forget to omit the "," from the last
// variable if I don't have this line ...
"blank;0000" // always remove the ","
from the last!
);
// Split the "Map" array information into useable forms
CobaltPrivate["HostColonPort"] = new Array();
for (var mapped in CobaltPrivate["Map"])
{
// matchedRegex is a pattern to split lines like:
// [host]:[http port];[ssh port]
// into "[host]:[http port]" and "[ssh port]"
// ... the split character is ";" and we remove whitespace
// before and after the split character.
matchedRegex = /([\S]*)\s*\;\s*([\S]*)/;
matchedHostColonPort =
CobaltPrivate["Map"][mapped].replace(matchedRegex, "$1");
matchedSSHPort =
CobaltPrivate["Map"][mapped].replace(matchedRegex, "$2");
CobaltPrivate["HostColonPort"][matchedHostColonPort] = matchedSSHPort;
}
function FindProxyForURL(url, host)
{
// Rules:
// I. Normal Connection
if (
// a) is this a non-cobalt page?
// [anything that doesn't match cobalt(net|).com]
! shExpMatch( host, "*.cobalt(net|).com")
||
// b) is this a plain hostname?
// [ie, "qube2", not "qube2.cobalt.com"]
isPlainHostName(host)
||
// c) is this a public Cobalt page?
// [ie, ends with "cobalt(net|).com" but not listed in array]
! IsCobaltPrivate(host)
)
{
// Determine how we are connected:
if ( isInNet( myIpAddress(), "192.168.100.0", "255.255.255.0") )
{
// 1) To the aDSL LAN? Then use the Squid on the Qube2.
return "PROXY stonewall.ergastulum.com:3128; DIRECT";
// 2) To another network? Then use a direct connection.
} else {
return "DIRECT";
}
}
// II. Any -other- Cobalt pages should be proxied via the SSH tunnels
// [an array provide mapping from the matched name to the port]
if (shExpMatch( host, "*.cobalt(net|).com"))
{
// We have to get the 'host:port' from the URL ...
// Let's make this a function ... prettier code.
HostColonPort = GetSSHPort(url,host);
return "PROXY localhost:" +
CobaltPrivate["HostColonPort"][HostColonPort] + "; DIRECT";
}
// Done.
}
// A function to get the [SSH port] associated with a [host]:[http port]
function GetSSHPort(TestURL,TestHost)
{
// Get the [host]:[http port] (if there is a port) from the URL
TestURLRegex = /^[^:]*\:\/\/([^\/]*).*/;
TestURLMatch = TestURL.replace(TestURLRegex, "$1");
TestURLLower = TestURLMatch.toLowerCase();
// Get the hostname and, if supplied, port
TestURLLowerRegex = /^([^\.]*)[^\:]*(.*)/;
NewHost = TestURLLower.replace(TestURLLowerRegex, "$1");
NewPort = TestURLLower.replace(TestURLLowerRegex, "$2");
// If no port was explicitely stated, it needs to be ":80"
if (NewPort == "")
{
NewPort = ":80";
}
return NewHost + NewPort;
}
// A function to test whether we are hitting a private Cobalt URL
function IsCobaltPrivate(TestHost)
{
// Get the hostname and domain name separated and in lowercase
TestHostRegex = /^([^\.]*)\.?(.*)/;
TestHostMatch = TestHost.replace(TestHostRegex, "$1");
TestHostDomain = TestHost.replace(TestHostRegex, "$2");
TestHostLower = TestHostMatch.toLowerCase();
TestHostDomainLower = TestHostDomain.toLowerCase();
// Make sure the domain name is what we are looking for
// ... if not then abort the routine
TestHostDomainRegex = /\.?cobalt(net|)\.com$/;
if (! TestHostDomainLower.match(TestHostDomainRegex))
{
return false;
}
// Ok, we got this far, compare the hostname with the
// array we built in the global section and return
// true if we matched a hostname.
for (var HostColonPort in CobaltPrivate["HostColonPort"])
{
CobaltHostRegex = /^([^\:]*).*/;
CobaltHostMatch = HostColonPort.replace(CobaltHostRegex, "$1");
CobaltHostLower = CobaltHostMatch.toLowerCase();
if (CobaltHostLower == TestHostLower)
{
return true;
}
}
return false;
}
Comment 1•25 years ago
|
||
updating component.
Assignee: leger → gagan
Component: Browser-General → Networking
QA Contact: cbegle → tever
Comment 2•25 years ago
|
||
Silent failure => m15
However, the keywords field says crash, even though I don't see any indication
of a crash here. If it does crash, let me know so we can see if this needs to go
in the beta.
Target Milestone: M15
there was no crash in my initial example ... that's why I said it "fails
silently, no crash" in the subject :) It may have crashed on one of the other
people attached to this report, dunno, the keyword "crash" was added after I
filed the incident. Let me know if I can help test this in the future.
Comment 4•25 years ago
|
||
Moving to M17 which is now considered part of beta2.
Target Milestone: M16 → M17
Putting on [NEED INFO] radar. clayton to investigate.
Keywords: beta2
Whiteboard: 3d(guess) → [NEED INFO]3d(guess)
Per gagan request, marking a dup.
*** This bug has been marked as a duplicate of 20145 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Summary: using a complex proxy .pac file fails silently, no crash → PAC: using a complex proxy .pac file fails silently, no crash
You need to log in
before you can comment on or make changes to this bug.
Description
•