From:  Sindhu <sindhu.s.reddy@gmail.com>
Date:  11 Jul 2014 19:39:36 Hong Kong Time
Newsgroup:  news.mozilla.org/mozilla.dev.tech.network
Subject:  

Re: Using a Pac File to redirect https requests.

NNTP-Posting-Host:  63.245.216.66

Hi Patrick,

Yes, you are right. I am trying to proxy over TLS.
I want to clarify one thing though. Is the port number in the return
statement 2443 or 443?
I tried using both(with the aurora build) and I faced issues with both.
With 2443 the page remains in a connecting state( I assume there is no
process listening on 2443) and with 443 I get the ns_error_unknown_host
error(though I'm able to connect to the domain without using a pac file).
The pac file I am using looks like this:

function FindProxyForURL(url,host) {
if(shExpMatch(host, "^www\.abc\.com$")){
var new_ip=dnsResolve("origin-www.abc.com");
  var proxyval = "HTTPS "+new_ip+":443;";
return proxyval;
}
}

  I can also send the http logs if that would help.

Sindhu Simhadri


On 8 July 2014 18:02, Patrick McManus  wrote:

> Hi Sindhu - I I believe we have a confusion in terminology.
>
> I believe that you are trying to proxy over TLS (or some people call it
> proxy over https) - not that you are having trouble proxing https://
> urls. Is that correct?
>
> proxying https urls should work just fine with your original configuration
> - the https request will be tunneled through the proxy using the CONNECT
> method and thus be opaque to the proxy, but it will be routed through it.
>
> If you would like to proxy http:// and or https:// using an https
> /TLSconnection to the proxy then you need a new feature that is on firefox
> 32 and newer. That's currently the aurora channel.
>
> To use that the pac file would look like
>
> function FindProxyForURL(url, host) {
> return "HTTPS localhost:2443;"
> }
>
> Note that https:// urls will still be routed through the connect method
> at the proxy. If you are trying to see the contents of the https
> transaction at the proxy that is not possible - https:// urls are
> encrypted end to end.
>
> hope that helps.
>
> -Patrick
>
>
> On Tue, Jul 8, 2014 at 1:55 AM, Sindhu  wrote:
>
>> Hi,
>>
>> I am trying to use a PAC file to redirect http / https requests.
>>
>> The following function works for a http request but it throws an
>> NS_ERROR_UNKNOWN_PROXY_HOST error for* https* requests.
>>
>>
>> function FindProxyForURL(url, host) {
>> return "PROXY x.x.x.x;"
>> }
>>
>> And if i change the function to :
>>
>> function FindProxyForURL(url, host) {
>> return "PROXY x.x.x.x:443;"
>> }
>>
>> it throws NS_ERROR_NET_RESET error.
>>
>> Is it possible to redirect https requests through a PAC file? Or is there
>> any other way to achieve this?
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Patrick McManus 
>> Date: 2 July 2014 20:15
>> Subject: Re: Using a Pac File to redirect https requests.
>> To: Sindhu 
>> Cc: firefox-dev@mozilla.org
>>
>>
>> you can use a PAC file to route all http and https generated by gecko.
>> https will of course be tunneled through the proxy using CONNECT because
>> it
>> needs to be end to end for appropriate security.
>>
>> e.g.
>>
>> function FindProxyForURL(url, host) {
>> return "PROXY localhost:2443;"
>> }
>>
>> dev-tech-network is probably the right place to followup to get the right
>> visibility - you should supply the pac file there.
>>
>>
>>
>> On Wed, Jul 2, 2014 at 1:12 AM, Sindhu  wrote:
>>
>> > Hi,
>> >
>> > I have an extension which uses a PAC file to redirect particular
>> requests
>> > to a proxy server. But this doesn't working for any *https *request.
>>
>> > Firefox always uses a DIRECT connection for https requests. Is there any
>> > way to redirect https requests using a PAC file? Or is there any other
>> way
>> > to achieve this?
>> >
>> > Sindhu Simhadri
>> >
>> > _______________________________________________
>> > firefox-dev mailing list
>> > firefox-dev@mozilla.org
>> > https://mail.mozilla.org/listinfo/firefox-dev
>> >
>> >
>> _______________________________________________
>> dev-tech-network mailing list
>> dev-tech-network@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-tech-network
>>
>
>