Article delegate-en/4015 of [1-5109] on the server localhost:119
 
Testing the HTTP/HTTPS and FTP Delegate proxy
Sat, 26 Jul 2008     Jean Aumont

Hi Yutaka,

I am currently doing some tests on proxy software and I am trying to 
set up 2 proxies, one that supports Http/Https and the other 
that supports FTP.

I have decided to test the "Delegate" proxies using the following 
2 configuration files and I have a few questions:

---------------------------------------------------------------------
Question 1 - Http(s) proxy
---------------------------------------------------------------------
# more http.cfg 
SERVER="http"
REMITTABLE="http,https"
-P8080
# ============
# Section http
# ============
AUTHORIZER="-none:http:www.sea-doo.com*:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1,uid2:pwd2}:http:www.google.com:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1,uid3:pwd3}:http:www.yahoo.com:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1}:http:*:10.*.*.*"
# =============
# Section https
# =============
AUTHORIZER="-list{uid1:pwd1,uid3:pwd3}:https:www.google.com:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1,uid3:pwd3}:https:www.yahoo.com:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1}:https:*:10.*.*.*"
# ===============
# Deny All Others
# ===============
AUTHORIZER="-never"

From my testing using the http(s) config, I discovered that the 
delegate proxy evaluates the rules as follows:

1) look for the service (http or https)
2) then look for an address that matches the requested ip or url
3) and if the user is allowed

This is why I am forced to repeat that "uid1:pwd1" on the line 
that gives access to www.google.com and www.yahoo.com even if 
the line AUTHORIZER="-list{uid1:pwd1}:http:*:10.*.*.*"
should give access to everywhere on the www to "uid1"

Am I right about this ???

---------------------------------------------------------------------
Question 2 - Ftp proxy
---------------------------------------------------------------------
# more ftp.cfg 
SERVER="ftp"
REMITTABLE="ftp"
-P2021
# ============
# Section ftp
# ============
AUTHORIZER="-none:ftp:ftp.openbsd.org:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1,uid2:pwd2}:ftp:ftp.sun.com:10.*.*.*"
AUTHORIZER="-list{uid3:pwd3}:ftp:ftp.freebsd.com:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1}:ftp:*:10.*.*.*"


With this configuration, I could never login to the Delegate FTP proxy 
with the user id "uid2" or "uid3", the only user id allowed is "uid1" with
password "pwd1". 
This seems to be a bug in version 9.8.2-pre47.


Also, is there a way to give access to a certain destination 
without any authentication on the FTP proxy. 

This is what I was trying to accomplish with the line: 
    AUTHORIZER="-none:ftp:ftp.openbsd.org:10.*.*.*"

But I do not see a way to initiate the connection to the FTP 
Proxy without being prompted for a user and password.

----------------------------------------------------------------------


Thanks for the great effort of developing the "Delegate" proxy.

Jean Aumont
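
Added example, not part of the original message and not DeleGate's own code: a small model of the evaluation order described in Question 1 (first rule matching service, destination and client decides, then the user is checked), plus a check that flags users whose catch-all grant is shadowed by an earlier, narrower rule. The first-match semantics are an assumption taken from the message; the function names are hypothetical, and the sample config is constructed from the poster's http rules with uid1 left off the www.google.com line.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the poster's http rules, with uid1 left off the google line.
SAMPLE_CFG = '''
AUTHORIZER="-none:http:www.sea-doo.com*:10.*.*.*"
AUTHORIZER="-list{uid2:pwd2}:http:www.google.com:10.*.*.*"
AUTHORIZER="-list{uid1:pwd1}:http:*:10.*.*.*"
AUTHORIZER="-never"
'''

RULE_RE = re.compile(
    r'^AUTHORIZER="(-none|-never|-list\{([^}]*)\})'
    r'(?::([^:"]*):([^:"]*):([^:"]*))?"\s*$')

def parse_rules(text):
    """Return rules in file order as dicts: kind, creds, proto, dst, src."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # comments, SERVER=, -P8080, blank lines
        kind = m.group(1).split("{")[0]
        creds = set(m.group(2).split(",")) if m.group(2) else set()
        rules.append({"kind": kind, "creds": creds, "proto": m.group(3) or "*",
                      "dst": m.group(4) or "*", "src": m.group(5) or "*"})
    return rules

def decide(rules, proto, dst, src, user=None, pwd=None):
    """Assumed model: first rule matching service, destination and client decides."""
    for r in rules:
        if (fnmatchcase(proto, r["proto"]) and fnmatchcase(dst, r["dst"])
                and fnmatchcase(src, r["src"])):
            if r["kind"] == "-none":
                return "allow-noauth"
            if r["kind"] == "-never":
                return "deny"
            return "allow" if f"{user}:{pwd}" in r["creds"] else "deny"
    return "deny"

def shadowed_grants(rules):
    """(user, dst) pairs: user is on a dst='*' -list rule but not on an earlier -list rule."""
    found = []
    for i, wide in enumerate(rules):
        if wide["kind"] != "-list" or wide["dst"] != "*":
            continue
        for narrow in rules[:i]:
            if narrow["kind"] == "-list" and narrow["proto"] == wide["proto"]:
                for cred in sorted(wide["creds"] - narrow["creds"]):
                    found.append((cred.split(":")[0], narrow["dst"]))
    return found
```

Under this model, `shadowed_grants(parse_rules(SAMPLE_CFG))` reports uid1 as locked out of www.google.com despite the `http:*` line, which is the situation the message works around by repeating "uid1:pwd1" on each destination line.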
