curl-users
Re: Re: Through proxy to dial up internet
Date: Mon, 18 Sep 2000 13:38:05 +0200 (MET DST)
On Mon, 18 Sep 2000, Anzej Lemut wrote:
> I changed then the url-to-get (without the proxy switch and username switch)
> to http://194.249.218.67/html/financni_podatki/dnevni/tecajna_lista.asp to
> avoid name server.
>
> Now the return error is:
> curl: (7) Can't connect to server: 2
Just avoiding the name server doesn't solve your problem. If you're off-line
it means your are OFF the line. You can't connect to remote servers while
being off-line.
Isn't it so that you must use the proxy in order to reach the remote site?
> COMMAND:
> GET http://194.249.218.67/html/financni_podatki/dnevni/tecajna_lista.asp
> HTTP/
> 1.0
> Proxy-authorization: Basic encodedusernameandpassword
> User-Agent: curl/7.1 (win32) libcurl 7.1.1
> Host: 194.249.218.67:80
> Pragma: no-cache
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>
> RESPONSE:
> HTTP/1.1 407 Proxy authentication required Proxy-Authenticate: NTLM
> Content-Length: 503 Content-Type: text/html
The message saying "Proxy authentication required Proxy-Authenticate: NTLM"
sure gives us some hints. And it is a said story I'm about to reveal here.
NTLM is an undocumented authentication scheme used by Microsoft browsers,
proxies and servers.
The existance of this protocol is news to me, and it sure involves tricky
stuff to allow me to make curl support this. Not only is all docs
reverse-engineered, it is also for authenticating *connections* instead of
requests why the connection has to be kept alive while the handshaking is
taking place. It seems to be some kind of challange response thing, said to
be less secure than the Digest method but better than Basic (mostly anything
would be better than Basic though).
Informational pages about this NTLM crap:
http://www.innovation.ch/java/ntlm.html
The Squid NTLM project:
http://squid.sourceforge.net/ntlm/
If curl is ever gonna support this, I need extensive help from skilled people
who's also running/using this kind of proxy/server.
-- Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77 ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`olReceived on 2000-09-18