
RE: HTTPAPI example1 & example2



Hello Scott,

As usual you are "dead on" the specifics in your response. 

>If it's a firewall problem, why is he getting back a response asking him 
>to specify a userid/password?  Surely, if a firewall is blocking port 
>80, there'd be no way to send the 'You must log in message'.

My assumptions are based on my own experiences with HTTP from our IBM i. I
believe the message is coming from a proxy within his company's "firewall".
(I don't generally differentiate between NAT, reverse NAT,
transparent/redirected proxy, filter rules and exceptions, packet
inspection, firewall, etc. I understand they are different things, but to
most of us a firewall is "the thing"). It was similar to the messages I got
when I first messed with LIBHTTP and his recent problem of zero byte file
after using EXAMPLE1 almost certainly means firewall (although it could be
something else).

>I certainly agree that your tests with PING and TRACEROUTE have proven 
>that there's a firewall in play -- but all you've proven is that the 
>firewall is blocking PING and TRACEROUTE :)   TCP Port 80 may very well 
>be wide open.

Yep, I should have checked if his PC can ping and tracert. And even that
isn't foolproof based on various types of rules being applied in the
firewall. Again, my own experience has been that making the exception in
"the firewall" we use fixed a lot of the problems for our IBM i (downloading
PTFs, ping, traceroute, using LIBHTTP, more reliable DNS lookups, retrieving
pop mail and EDI). Maybe it is a bad assumption that other people have a
"firewall" similarly configured. By way of comparison, if I don't login my
PC to our network, I have very few "privileges" on the TCP/IP front (our
firewall being tied in with my network authentication).

>Much more helpful than a ping or traceroute would be the data in the 
>debug file generated by HTTPAPI.

I think Glenn's original post was on 7/24 and he indicated that soapUI
worked, but RPG didn't on using the geoIP service. So a PC app works (either
authenticated to the network...therefore authenticated to his
proxy/NAT/firewall or he entered the proxy information manually), but the
IBM i doesn't (not authenticated). The very first entry in the debug.txt
showed:

SetError() #13: HTTP/1.1 401 Unauthorized

I haven't really traced the code in LIBHTTP, but I've made an assumption
that when the very first entry in the debug.txt file indicates unauthorized,
it is coming from an internal service (most likely a proxy as part of the
firewall). It generates this response to the very first packet that is sent
and anything after that in the debug.txt file is just there to throw you off
the trail. This message shows up even before the DNS messages, so it would
be most unlikely that the web service is generating that response. As a
preference in the design, I'd rather see LIBHTTP die when it gets that
message unless I've coded an error handler for it (which I wouldn't bother
to do--it is much easier just to create a firewall rule).

Anyway, to help Glenn, I believe he needs to look at his firewall settings
and create whatever type of exception will allow him to get out. Later on in
the original debug.txt it shows:

   HTTP/1.1 401 Unauthorized

   WWW-Authenticate: Basic realm="HTTP Authentication (ID43814)"

So, it appears his proxy uses basic authentication. Instead of creating a
"hole in the firewall", he could include the proxy authentication code in
his programs and try to authenticate before requesting the service. 

Glenn, you've run enough "attempts" to know that your IBM i can't get out of
your network for much (including port 80). If you want, post the debug file
after running EXAMPLE1, but maybe just ask your network guy to create a
proxy exception for you and be done with it.

Mike Krebs

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------