From Bug Helper: User-Agent: Mozilla/4.7 [en] (Win98; U) BuildID: 2000012520 I'm using a complex .pac file to 1) connect through my local squid if I'm at home ... 2) connect directly if I'm not at home ... 3) connect via local SSH-enabled IP tunnels for our internal network at the home office ... the javascript (see the additional details for the actual code) doesn't give me a warning, but none of my proxies work in SeaMonkey. I wrote the script for Netscape 4.7 where it works -beautifully- ... perhaps the .pac functionality is not yet 100% with SeaMonkey or perhaps I'm using a javascript function that isn't in SeaMonkey (yet?). Reproducible: Always Steps to Reproduce: 1. copy the .pac file ... 2. setup SSH port-forwarding as described (you'll have to substitute my domain/addresses/whatever to get a working test) 3. install the .pac file and configure seamonkey accordingly Actual Results: Nothing ... I can still browse normally, everything is a direct connection though. Expected Results: I should be going through my Squid cache for everything except pages inside the firewall at cobalt.com ... I don't go through Squid and I can't use the SSH tunnels /Geoff Additional: Here's the instructions I wrote for using the code with Communicator 4.7 and the code itself. If it word wraps just email me via jahf@yahoo.com and I'll send it via an attachment. Viewing Internal Cobalt Webs without PPTP VPN ... Geoff Baysinger (geoff@cobalt.com) ... 2/15/2000 I. Purpose: A. To create a secure method of view web pages on the internal Cobalt LAN from an internet connection. B. Specifically, to remove the need for the PPTP VPN (which for some of us doesn't always work well [NAT] or is a bit scary [light encryption]) C. This is geared for the Windows crowd. Linux users probably have this all taken care of, but if not it should point you in the right directions. D. There is no implied warranty, support or help in this document ... please consult your nearest SSH/Proxy fiend if you need more help ... if they love you and read this document they should get it. II. Required Parts: A. SecureCRT (or another SSH client that can do port forwarding) B. Netscape 4.X 1. Specifically, must support Proxy AutoConfiguration files (.pac) and the Javascript RegExp functions 2. IE 4.X theoretically will work, I don't use it so you're on your own if you do. C. An Internet connection (should work from anywhere including behind a NAT box) D. A login account on "[deleted].cobalt.com" III. Setting things up: A. Setup your SSH portforwarding ... in SecureCRT 3.0 you would: 1. Create a profile for "[deleted].cobalt.com" using SSH1 2. Edit the properties for "[deleted].cobalt.com"'s profile a. go to "Connection" b. click "Advanced" c. go to "Port Forwarding" d. click "New" e. "Local Port" = 8000 f. "Remote Hostname" = deleted1.cobalt.com g. "Remote Port" = 80 h. click "Save" i. repeat steps III.A.2.d - III.A.2.h for the following: 0) [local port] [remote hostname] [remote port] 1) 8010 deleted2.cobalt.com 80 2) 8011 deleted3.cobalt.com 85 3) 8020 deleted4.cobalt.com 80 4) 8021 deleted5.cobalt.com 80 B. Create the Proxy AutoConfiguration (.pac) file 1. Make a directory called "C:\cobalt\proxy\" 2. Save the text from item VI. (below) to a new file "C:\cobalt\proxy\ssh.pac" C. Tell Netscape to use the "ssh.pac" file 1. Run Netscape 2. Go to "edit/preferences/advance/proxies" 3. click "Automatic proxy configuration Configuration location (URL:)" (say that 10 times in a row) 4. enter "file:///c|/cobalt/proxy/ssh.pac" 5. click "OK" IV. Testing it out: 1. Make sure that SecureCRT (or whatever your port-forwarding SSH client is) is connected to [deleted].cobalt.com 2. Make sure Netscape is running 3. Go to "http://www.netscape.com/" (just to make sure it's working -normally-) 4. Try to go to "http://[deleted].cobalt.com/" 1. If it works, you will reach the "Cobalt Engineering Home Page" at 'http://[deleted].cobaltnet.com/[deleted]' 2. If it fails you will see your browser timeout or it will say "Connection Refused". V. Gotchas 1. If it doesn't work, it's not supported 2. If it does work, it's not supported 3. If your computer happens to have an IP address in the range of 192.168.100.X it will try to use my Squid-based AdZapping web cache (you may be prompted for a username/login if you have a NAT box and it connects to my cache). If this is the case you will need to hunt down the section in the Javascript that does this and change "192.168.100.0" to be something other than your LAN IP addresses. 4. SecureCRT disconnects after a certain timeout is reached (anyone have a recommendation on automating a keep-alive that won't interfere with the session?) 5. There's no way to make SecureCRT run automatically only when you are going to a Cobalt page in your web browser ... since you have to manually make 2 connections to use PPTP, this isn't such a big deal. 6. If you need to go to a server that I didn't map for you, you will need to edit the Javascript and add a new port forwarding. I tried to comment the code well enough that this shouldn't be a big problem. VI. Code (everything below this should be saved as "c:\cobalt\proxy\ssh.pac" // // Geoff's Automatic Proxy Configurator // // ... Version 20000215-1.0 // // ... barely based on http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.2 // which was in turn based on information from // Oskar Pearson and the Internet Solution (http://www.is.co.za) // // The purpose of this file is to ... automatically go through proxies // for certain URLs, but not for others. This allows us to combine with // SSH to securely view pages on the Cobalt LAN. // // Additionally, if we are connected via the aDSL line at home and are // on the 192.168.100.X network then we should go through the Squid // AdZapper running on the Qube2. // // Relies heavily on the Javascript RegExp functions ... might be (much) // more slim'n'trim if I'd use substring and indexOf but this is a 4 hour // hack job and it's 4am. If you want to work on improving the coding // please send me modifications. Not sure if I'm going to run into // Javascript crashes because of this ... I don't think .pac files // were intended to be this complicated :) // // All internal cobalt URLs go through a proxy that is tunnelled and // port-forwarded via an SSH connection to [deleted].cobalt.com. This is // facilitated by SecureCRT. // // SecureCRT/SSH Port-forwarding: // ... Start at port 8000 // ... Designated 10 ports per machine // ... Example: // 1) port 8020 goes to deleted4.cobalt.com:80 // 2) port 8021 goes to deleted5.cobalt.com:81 // 3) ports 8022-8029 are reserved for future ports on deleted.cobalt.com // ... Map (built via an Array): // DON'T EDIT THE NEXT 4 LINES ... var CobaltPrivate = new Array(); CobaltPrivate["Map"] = new Array( // edit lines that look like: // "[host]:[port];[SSH port]", // BEGIN EDITING HERE: "deleted1:80 ; 8000", "deleted2:80 ; 8010", "deleted3:85 ; 8011", "deleted4:80 ; 8020", "deleted5:81 ; 8021", // : HERE ENDS EDITING // NO END-USER SERVICEABLE CODE BEYOND THIS POINT! // next line blank ... I always forget to omit the "," from the last // variable if I don't have this line ... "blank;0000" // always remove the "," from the last! ); // Split the "Map" array information into useable forms CobaltPrivate["HostColonPort"] = new Array(); for (var mapped in CobaltPrivate["Map"]) { // matchedRegex is a pattern to split lines like: // [host]:[http port];[ssh port] // into "[host]:[http port]" and "[ssh port]" // ... the split character is ";" and we remove whitespace // before and after the split character. matchedRegex = /([\S]*)\s*\;\s*([\S]*)/; matchedHostColonPort = CobaltPrivate["Map"][mapped].replace(matchedRegex, "$1"); matchedSSHPort = CobaltPrivate["Map"][mapped].replace(matchedRegex, "$2"); CobaltPrivate["HostColonPort"][matchedHostColonPort] = matchedSSHPort; } function FindProxyForURL(url, host) { // Rules: // I. Normal Connection if ( // a) is this a non-cobalt page? // [anything that doesn't match cobalt(net|).com] ! shExpMatch( host, "*.cobalt(net|).com") || // b) is this a plain hostname? // [ie, "qube2", not "qube2.cobalt.com"] isPlainHostName(host) || // c) is this a public Cobalt page? // [ie, ends with "cobalt(net|).com" but not listed in array] ! IsCobaltPrivate(host) ) { // Determine how we are connected: if ( isInNet( myIpAddress(), "192.168.100.0", "255.255.255.0") ) { // 1) To the aDSL LAN? Then use the Squid on the Qube2. return "PROXY stonewall.ergastulum.com:3128; DIRECT"; // 2) To another network? Then use a direct connection. } else { return "DIRECT"; } } // II. Any -other- Cobalt pages should be proxied via the SSH tunnels // [an array provide mapping from the matched name to the port] if (shExpMatch( host, "*.cobalt(net|).com")) { // We have to get the 'host:port' from the URL ... // Let's make this a function ... prettier code. HostColonPort = GetSSHPort(url,host); return "PROXY localhost:" + CobaltPrivate["HostColonPort"][HostColonPort] + "; DIRECT"; } // Done. } // A function to get the [SSH port] associated with a [host]:[http port] function GetSSHPort(TestURL,TestHost) { // Get the [host]:[http port] (if there is a port) from the URL TestURLRegex = /^[^:]*\:\/\/([^\/]*).*/; TestURLMatch = TestURL.replace(TestURLRegex, "$1"); TestURLLower = TestURLMatch.toLowerCase(); // Get the hostname and, if supplied, port TestURLLowerRegex = /^([^\.]*)[^\:]*(.*)/; NewHost = TestURLLower.replace(TestURLLowerRegex, "$1"); NewPort = TestURLLower.replace(TestURLLowerRegex, "$2"); // If no port was explicitely stated, it needs to be ":80" if (NewPort == "") { NewPort = ":80"; } return NewHost + NewPort; } // A function to test whether we are hitting a private Cobalt URL function IsCobaltPrivate(TestHost) { // Get the hostname and domain name separated and in lowercase TestHostRegex = /^([^\.]*)\.?(.*)/; TestHostMatch = TestHost.replace(TestHostRegex, "$1"); TestHostDomain = TestHost.replace(TestHostRegex, "$2"); TestHostLower = TestHostMatch.toLowerCase(); TestHostDomainLower = TestHostDomain.toLowerCase(); // Make sure the domain name is what we are looking for // ... if not then abort the routine TestHostDomainRegex = /\.?cobalt(net|)\.com$/; if (! TestHostDomainLower.match(TestHostDomainRegex)) { return false; } // Ok, we got this far, compare the hostname with the // array we built in the global section and return // true if we matched a hostname. for (var HostColonPort in CobaltPrivate["HostColonPort"]) { CobaltHostRegex = /^([^\:]*).*/; CobaltHostMatch = HostColonPort.replace(CobaltHostRegex, "$1"); CobaltHostLower = CobaltHostMatch.toLowerCase(); if (CobaltHostLower == TestHostLower) { return true; } } return false; }

updating component.

Silent failure => m15 However, the keywords field says crash, even though I don't see any indication of a crash here. If it does crash, let me know so we can see if this needs to go in the beta.

there was no crash in my initial example ... that's why I said it "fails silently, no crash" in the subject :) It may have crashed on one of the other people attached to this report, dunno, the keyword "crash" was added after I filed the incident. Let me know if I can help test this in the future.

Moving to M17 which is now considered part of beta2.

Need clayton to assist with [beta2+] or [beta2-]call. ccing him.

Putting on [NEED INFO] radar. clayton to investigate.

Per gagan request, marking a dup. *** This bug has been marked as a duplicate of 20145 ***

verif. DUP