Jump to content
Kyle_Katarn31

About ProxyAuth when using no authentication

Recommended Posts

When using HTTP proxy with TSSLHttpCli : If no Auth is required (no credentials), is it OK to use httpAuthBasic with "empty" login/pass ? Or should I revert to httpAuthNone in this case ?

Share this post


Link to post

Would not recommend using httpAuthBasic unless you are setting credentials, there is usually a check for blanks, but that is a fail safe.

 

Angus

Share this post


Link to post

Thanks, i'll "force" httpAuthNone when no credential are given and i'll ask my user to test. I'll give feedback here when i'll have more details (and if possible more logs)

Share this post


Link to post
On 5/24/2021 at 5:10 PM, Angus Robertson said:

Would not recommend using httpAuthBasic unless you are setting credentials, there is usually a check for blanks, but that is a fail safe.

 

Angus

When testing with my Synology DSM embedded HTTP proxy (I understand it's squid too) with authentication disabled, comm fails with httpAuthNone but works with httpAuthBasic with empty login/pass.

Would you need some logs to understand why  httpAuthNone fails there ?

 

 

Looks like it was working in the past... could it come from this change introduced in 8.66 ?

 

else if IcsLowerCase(Proto) = 'https' then
            FPath := Path  { V8.66 using proxy CONNECT command so don't need host and port }

Edited by Kyle_Katarn31

Share this post


Link to post
10 hours ago, Kyle_Katarn31 said:

Reverting the 8.66 change does not seems to improve the situation.

What traces could help ?

You should sniff the traffic to see what's going on

Share this post


Link to post

Your application should already be logging sufficient information to debug errors of this sort. 

 

If you are using the TSslHttpRest component, set debug level to DebugHdr. if not look at that component to see how it logs activities. Or try connecting to the proxy with the OverbyteIcsHttpRestTst sample. 

 

Angus

 

Share this post


Link to post
3 hours ago, Kyle_Katarn31 said:

You mean pcap ? Or logging of specific events / traffic at application level ?

I prefer SmSniff but since you use SSL, it should be Wireshark. Or, as Angus said, enable traffic dumping in the client.

Btw, there's relatively new ProxyURL property to set SOCKS or HTTP Tunnel proxy settings using single URL, ie proto://[user:password@]host:port where proto = socks5 or http. Setter of this property takes care of setting the proper Auth mode

Edited by Fr0sT.Brutal

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×