HTTP tunneling through proxy server

Discussion in 'Java' started by Alex Molochnikov, May 9, 2004.

  1. Hello everyone,

    Our program connects to the License Generator (the Java-based server running
    on our website host) via URLConnection like this:

    String _url = "http://gestalt.com/license/";
    URL url = new URL(_url);
    URLConnection connection = url.openConnection();
    connection.setUseCaches(false);
    connection.setDoOutput(true);

    At the server end, Apache server receives the HTTP request and redirects it
    to the License Generator which then responds with the appropriate content.

    It always worked, but recently someone complained that the connection,
    originating from his laptop, cannot go through the proxy server that his
    laptop connects to. Unfortunately, I could not get any detail on this
    incident, but it left me wondering: what could possibly go wrong with the
    connection?

    Should I have used HttpURLConnection class instead? And, for this matter,
    when would one use HttpURLConnection over URLConnection ?

    TIA

    Alex Molochnikov
    Gestalt Corporation
    www.gestalt.com
    Alex Molochnikov, May 9, 2004
    #1
    1. Advertising

  2. Alex Molochnikov

    Yu SONG Guest

    "Alex Molochnikov" <>
    > Hello everyone,
    >
    > Our program connects to the License Generator (the Java-based server

    running
    > on our website host) via URLConnection like this:
    >
    > String _url = "http://gestalt.com/license/";
    > URL url = new URL(_url);
    > URLConnection connection = url.openConnection();
    > connection.setUseCaches(false);
    > connection.setDoOutput(true);
    >
    > At the server end, Apache server receives the HTTP request and redirects

    it
    > to the License Generator which then responds with the appropriate content.
    >
    > It always worked, but recently someone complained that the connection,
    > originating from his laptop, cannot go through the proxy server that his
    > laptop connects to. Unfortunately, I could not get any detail on this
    > incident, but it left me wondering: what could possibly go wrong with the
    > connection?
    >
    > Should I have used HttpURLConnection class instead? And, for this matter,
    > when would one use HttpURLConnection over URLConnection ?
    >
    > TIA
    >
    > Alex Molochnikov
    > Gestalt Corporation
    > www.gestalt.com
    >
    >


    You'd better add some options to let the user select his connection(direct,
    http proxy, Socks ...) and set appropriate properties in the "System".


    --
    Song

    More info.:
    http://www.dcs.warwick.ac.uk/~esubbn/
    Yu SONG, May 10, 2004
    #2
    1. Advertising

  3. "Yu SONG" <> wrote in message
    news:c7mg5d$8fg$...
    > You'd better add some options to let the user select his

    connection(direct,
    > http proxy, Socks ...) and set appropriate properties in the "System".


    That would be nice, but the HTTP tunneling is supposed to be the lowest
    common denominator that works through firewalls (as long as they let
    outgoing connections on port 80) and that is also platform-independent.

    So, my original question still stands: what could cause the URLConnection to
    fail when going though a proxy server?

    Alex.
    Alex Molochnikov, May 10, 2004
    #3
  4. Alex Molochnikov

    Roger Guest

    >
    > So, my original question still stands: what could cause the URLConnection to
    > fail when going though a proxy server?
    >


    Authentication by the proxy? The proxy I'm forced to use at work
    rquires Windows NTLM Authentication which requires additional
    considerations when establishing the connection.

    Regards
    Roger
    Roger, May 10, 2004
    #4
  5. Alex Molochnikov

    iksrazal Guest

    "Alex Molochnikov" <> wrote in message news:<2fDnc.432202$oR5.263871@pd7tw3no>...
    > "Yu SONG" <> wrote in message
    > news:c7mg5d$8fg$...
    > > You'd better add some options to let the user select his

    > connection(direct,
    > > http proxy, Socks ...) and set appropriate properties in the "System".

    >
    > That would be nice, but the HTTP tunneling is supposed to be the lowest
    > common denominator that works through firewalls (as long as they let
    > outgoing connections on port 80) and that is also platform-independent.
    >
    > So, my original question still stands: what could cause the URLConnection to
    > fail when going though a proxy server?
    >
    > Alex.


    NTLM for one. As I understand it, java 1.4.x only supports NTLM on
    Windows. You might try HttpClient from Apache Commons as an
    alternative to URLConnection - it has more features, ntlm works
    everywhere, and I for one have had a lot of luck with.

    iksrazal
    iksrazal, May 10, 2004
    #5
  6. Alex Molochnikov

    Chris Smith Guest

    Alex Molochnikov wrote:
    > So, my original question still stands: what could cause the URLConnection to
    > fail when going though a proxy server?


    Lots of possibilities.

    Ditto the suggestion on HttpClient. That's going to end up being pretty
    much a lifesaver if you intend to get this to work really reliably.

    That said, I still recall fighting proxy issues back when we first
    released the Design-a-Course client, and the hoops we jumped through
    trying to make that work reliably. Some things to keep in mind:

    * Many firewalls are transparent, but many more are not. A LOT of
    popular outgoing firewall software products require use of a proxy
    server. You will need to provide the option to configure a proxy
    server.

    * Firewall companies do the darnedest things in the name of security.
    We found stuff as ludicrous as filtering outgoing requests based on the
    User-Agent header, assuming that anything that doesn't claim to be
    Mozilla *must* be malicious, right?. So we had to add an option to fake
    the user-agent header as a popular browser (I copied from IE 6).

    * There are two related standards for auto-detection or auto-
    configuration of proxies. They are called, respectively, PAC and WPAD.
    They are absolutely silly standards, and you'll need to embed a
    JavaScript interpreter into your application to implement either one.
    However, if you don't do so, your application will mysteriously fail and
    your user won't even be at all aware that they need to configure a
    proxy! So they'll blame you, of course.

    * A lot of proxies have trouble with certain combinations of HTTP
    features. We found very frequent problems with combining HTTPS and host
    authentication; with combining host authentication with proxy
    authentication; and with pretty much any use of the 101-continue header.
    The latter can IIRC be disabled with current versions of HttpClient, and
    you should do so unless you have a good reason not to. If you need to
    do so with an older HttpClient version (though I can't imagine why...),
    I've got some code around somewhere to subclass some of the method
    classes for that purpose, so just ask and it's yours.

    * Proxy and firewall vendors will always blame your application or the
    client's configuration (even if the client never touched the default
    configuration since installation). They will never try to solve your
    problem. The presumption is that you're at fault.

    That's all I can remember of this fiasco right now.

    --
    www.designacourse.com
    The Easiest Way to Train Anyone... Anywhere.

    Chris Smith - Lead Software Developer/Technical Trainer
    MindIQ Corporation
    Chris Smith, May 14, 2004
    #6
  7. I was somewhat distracted by the MySQL licensing debate, and could not
    respond to this sooner.

    "Chris Smith" <> wrote in message
    news:4.net...
    > Alex Molochnikov wrote:
    > > So, my original question still stands: what could cause the

    URLConnection to
    > > fail when going though a proxy server?

    >
    > Lots of possibilities.
    >
    > Ditto the suggestion on HttpClient. That's going to end up being pretty
    > much a lifesaver if you intend to get this to work really reliably.
    >


    Are you referring to Yu Song's post? Rather than trying to second-guess the
    user's environment, give him a way to specify the proxy server name, port
    and possibly the authentication data?

    > That said, I still recall fighting proxy issues back when we first
    > released the Design-a-Course client, and the hoops we jumped through
    > trying to make that work reliably. Some things to keep in mind:
    >
    > * Many firewalls are transparent, but many more are not. A LOT of
    > popular outgoing firewall software products require use of a proxy
    > server. You will need to provide the option to configure a proxy
    > server.
    >
    > * Firewall companies do the darnedest things in the name of security.
    > We found stuff as ludicrous as filtering outgoing requests based on the
    > User-Agent header, assuming that anything that doesn't claim to be
    > Mozilla *must* be malicious, right?. So we had to add an option to fake
    > the user-agent header as a popular browser (I copied from IE 6).
    >
    > * There are two related standards for auto-detection or auto-
    > configuration of proxies. They are called, respectively, PAC and WPAD.
    > They are absolutely silly standards, and you'll need to embed a
    > JavaScript interpreter into your application to implement either one.
    > However, if you don't do so, your application will mysteriously fail and
    > your user won't even be at all aware that they need to configure a
    > proxy! So they'll blame you, of course.
    >
    > * A lot of proxies have trouble with certain combinations of HTTP
    > features. We found very frequent problems with combining HTTPS and host
    > authentication; with combining host authentication with proxy
    > authentication; and with pretty much any use of the 101-continue header.
    > The latter can IIRC be disabled with current versions of HttpClient, and
    > you should do so unless you have a good reason not to. If you need to
    > do so with an older HttpClient version (though I can't imagine why...),
    > I've got some code around somewhere to subclass some of the method
    > classes for that purpose, so just ask and it's yours.
    >
    > * Proxy and firewall vendors will always blame your application or the
    > client's configuration (even if the client never touched the default
    > configuration since installation). They will never try to solve your
    > problem. The presumption is that you're at fault.
    >
    > That's all I can remember of this fiasco right now.


    I doubt if we can find automated solution(s) for all these circumstances.

    One possible way out of this situation for us could be telling the users to
    contact us by e-mail when everything else fails.

    Thank you for the input.

    Regards,

    Alex.
    Alex Molochnikov, May 15, 2004
    #7
  8. Alex Molochnikov

    Marat Guest

    Check this site out (www.jproxy.com). They claim that you can basically work
    with any J2EE API and the calls are automatically HTTP tunneled for you.

    Cheers!

    "Alex Molochnikov" <> wrote in message
    news:eek:Ghnc.421664$oR5.165921@pd7tw3no...
    > Hello everyone,
    >
    > Our program connects to the License Generator (the Java-based server

    running
    > on our website host) via URLConnection like this:
    >
    > String _url = "http://gestalt.com/license/";
    > URL url = new URL(_url);
    > URLConnection connection = url.openConnection();
    > connection.setUseCaches(false);
    > connection.setDoOutput(true);
    >
    > At the server end, Apache server receives the HTTP request and redirects

    it
    > to the License Generator which then responds with the appropriate content.
    >
    > It always worked, but recently someone complained that the connection,
    > originating from his laptop, cannot go through the proxy server that his
    > laptop connects to. Unfortunately, I could not get any detail on this
    > incident, but it left me wondering: what could possibly go wrong with the
    > connection?
    >
    > Should I have used HttpURLConnection class instead? And, for this matter,
    > when would one use HttpURLConnection over URLConnection ?
    >
    > TIA
    >
    > Alex Molochnikov
    > Gestalt Corporation
    > www.gestalt.com
    >
    >




    Posted Via Usenet.com Premium Usenet Newsgroup Services
    ----------------------------------------------------------
    ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
    ----------------------------------------------------------
    http://www.usenet.com




    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
    Marat, May 28, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. bigbinc

    http tunneling, and soap.

    bigbinc, Dec 8, 2003, in forum: Java
    Replies:
    0
    Views:
    394
    bigbinc
    Dec 8, 2003
  2. exquisitus
    Replies:
    4
    Views:
    3,101
    Andrea Desole
    May 20, 2005
  3. nono240

    J2ME : http tunneling client ?

    nono240, Feb 7, 2008, in forum: Java
    Replies:
    0
    Views:
    451
    nono240
    Feb 7, 2008
  4. chandan

    HTTP tunneling in aglets

    chandan, Jul 18, 2008, in forum: Java
    Replies:
    4
    Views:
    286
    Andrew Thompson
    Jul 18, 2008
  5. Dave Langley
    Replies:
    4
    Views:
    576
    Dave Langley
    Sep 4, 2003
Loading...

Share This Page