Article delegate-en/2943 of [1-3976] on the server localhost:7119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en
[DeleGate-En] Re: delegate as ezproxy
15 May 2005 04:05:33 GMT "James Brooks" <ppufqbdyi-jk6bmqrvaanw.ml@delegate.org> 
1.) this was fixed with RELAY=proxy,delegate:*:*:* and I also added a PERMIT=*:*:*  but the real reason it seems to work now is because I had it running as a service on port 81 and did not notice.  so after removing the service and then running it with the -f option it worked fine from other machines.

2.) this aslo works now after adding URICONV=where:any  Now all the java redirects are working like they should.

My next goal is to implement a way that users must use Microsofts Windows 2003 logon server to authenticate to use delegate from off campus. I think what I will do is setup a ASP web page that requires users to login to open the page. And then inside the ASP code hide some authentication link to the delegate server that the delegate server can understand.  Maybe pass it in as a form page or in the url to the delegate server.

Thanks for your help. And for the great product. You just save the school $400 from using ezproxy.
Thanks...


-----Original Message-----
From: Yutaka Sato [mailto:pficabdyi-jk6bmqrvaanw.ml@delegate.org]
Sent: Sat 5/14/2005 8:07 PM
To: pficabdyi-jk6bmqrvaanw.ml@delegate.org
Cc: James Brooks
Subject: Re: delegate as ezproxy
 
In message <_A2941@delegate-en.ML_> on 05/14/05(13:46:07)
you "James Brooks" <ppufqbdyi-jk6bmqrvaanw.ml@delegate.org> wrote:
 |We (Berea College) would like to use delegate as an alternative to
 |ezproxy but there are some problems we are having.
 |
 |1.)	first I have delegate running on a localmachine called X
 |		With X using this command line.
 |		Delegate.exe -f -v -P81 ADMIN=test@berea..
 |PERMIT="*:*:*" RELAY=proxy,delegate
 |		Now in my X web browser I use the following url
 |http://X:81/-_-http://www.google.com
 |		And this works fine on X machine, but if I try this same
 |url from any other machine on my network I get the following.
 |
 |		Forbidden by delegate on 'X:81' 
 |		Tried from Y:3020 to http://www.google.com:80
 |		Reason: NO RELAY=delegate
 |
 |		What am I doing wrong?

The relay with "-_-" is allowed only for machines on ".localnet" by default.
You need to specify like "RELAY=proxy,delegate:*:*:*" to permit it for anyone,
as written in <URL:http://www.delegate.org/delegate/Manual.htm#RELAY>.
Since you are specifying RELAY="proxy,delegate" which means
"RELAY=proxy,delegate:*:*:*", it seems strange why it is forbidden.
With the option "-vv", you will get more detailed logs.  If the
RELAY=proxy,delegate is recognized properly, the log on the start-up
must show a line like this:

  05/15 08:52:11.67 [16528] 0+0: [0] CMAP={proxy,delegate}relay{*}:{*}:{*}

and with the "-dh" option, you will get detailed log about how it is
judged to be forbidden or permitted.  When it is permitted:

  05/15 08:57:33.77 [16693] 1+2: {HL} CMAP/relay 0/1
  05/15 08:57:33.77 [16693] 1+2: [1/1] REGEXP NAME MATCHING: server += * ?
  05/15 08:57:33.77 [16693] 1+2: [1/1] ==> 1 (CMAP/DST server)
  05/15 08:57:33.77 [16693] 1+2: [1/1] REGEXP NAME MATCHING: client += * ?
  05/15 08:57:33.77 [16693] 1+2: [1/1] ==> 1 (CMAP/SRC client)

and when it is permitted:

  05/15 08:59:05.37 [16717] 1+2: {HL} CMAP/relay 0/2
  05/15 08:59:05.37 [16717] 1+2: [1/1] REGEXP NAME MATCHING: server += * ?
  05/15 08:59:05.37 [16717] 1+2: [1/1] ==> 1 (CMAP/DST server)
  05/15 08:59:05.37 [16717] 1+2: [1/4] ADDR MATCH: xx.xx.xx.xx += 127.0.0.1 ?
  05/15 08:59:05.37 [16717] 1+2: [1/4] ==> 0 (.localnet client)
  05/15 08:59:05.37 [16717] 1+2: [2/4] ADDR MATCH: xx.xx.xx.0 += 192.168.1.0 ?
  05/15 08:59:05.37 [16717] 1+2: [2/4] ==> 0 (.localnet client)
  05/15 08:59:05.37 [16717] 1+2: [3/4] .i (IncomingIF) = 192.168.1.xx
  05/15 08:59:05.37 [16717] 1+2: [3/4] ADDR MATCH: xx.xx.xx.0 += 192.168.1.0 ?
  05/15 08:59:05.37 [16717] 1+2: [3/4] ==> 0 (.localnet client)
  05/15 08:59:05.37 [16717] 1+2: [4/4] .o (OutgoingIF) = 192.168.1.xx -> xx.xx.xx.xx
  05/15 08:59:05.37 [16717] 1+2: [4/4] ADDR MATCH: xx.xx.0.0 += 192.168.0.0 ?
  05/15 08:59:05.37 [16717] 1+2: [4/4] ==> 0 (.localnet client)
  05/15 08:59:05.37 [16717] 1+2: [1/1] HOSTLIST[1]:.localnet(.localnet) -> 0
  05/15 08:59:05.37 [16717] 1+2: [1/1] ==> 0 (CMAP/SRC client)
  05/15 08:59:05.37 [16717] 1+2: {HL} CMAP/relay 1/2
  05/15 08:59:05.37 [16717] 1+2: [1/1] REGEXP NAME MATCHING: server += * ?
  05/15 08:59:05.37 [16717] 1+2: [1/1] ==> 1 (CMAP/DST server)
  05/15 08:59:05.37 [16717] 1+2: [1/1] REGEXP NAME MATCHING: client += * ?
  05/15 08:59:05.37 [16717] 1+2: [1/1] ==> 1 (CMAP/SRC client)
  05/15 08:59:05.37 [16717] 1+2: Forbidden: RELAY DELEGATE


 |2.)	Next problem is really weird.  If I use the following url on
 |machine X delegate will return an error:
 |		url =
 |http://X:81/-_-http://firstsearch.oclc.org/done=referer;dbname=WorldCat;
 |FSIP

I tested the above URL just with parameters like yours, from Firefox and
MSIE, but I could access it without error.  So it is strange too.

 |		For some reason the -_-http://firstsearch.oclc.org/ is
 |gone from the url when it is redirect by the firstsearch.oclc.org site.
 |We have noticed this on several sites that use a java based redirect.
 |		Any help here would be great. Thanks.

JavaScript based redirection could be handled with a parameter like this:

  URICONV=where:any

Cheers,
Yutaka
--
  D G   Yutaka Sato <pfqcabdyi-jk6bmqrvaanw.ml@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V