The port number is the number of the port that the proxy is listening on in your config - in mine that was 2443. For you it looks like 443.
You are probably having a problem authenticating that host, given that you are using an IP address for it.. TLS requires a certificate witha matching hostname chained to a CA in the trust store. So I recommend return "HTTPS origin-www.abc.com:443;" and then the proxy will need a signed cert for that name. On Fri, Jul 11, 2014 at 7:39 AM, Sindhu <[email protected]> wrote: > Hi Patrick, > > Yes, you are right. I am trying to proxy over TLS. > I want to clarify one thing though. Is the port number in the return > statement 2443 or 443? > I tried using both(with the aurora build) and I faced issues with both. > With 2443 the page remains in a connecting state( I assume there is no > process listening on 2443) and with 443 I get the ns_error_unknown_host > error(though I'm able to connect to the domain without using a pac file). > The pac file I am using looks like this: > > function FindProxyForURL(url,host) { > if(shExpMatch(host, "^www\.abc\.com$")){ > var new_ip=dnsResolve("origin-www.abc.com"); > var proxyval = "HTTPS "+new_ip+":443;"; > return proxyval; > } > } > > I can also send the http logs if that would help. > > Sindhu Simhadri > > > On 8 July 2014 18:02, Patrick McManus <[email protected]> wrote: > >> Hi Sindhu - I I believe we have a confusion in terminology. >> >> I believe that you are trying to proxy over TLS (or some people call it >> proxy over https) - not that you are having trouble proxing https:// >> urls. Is that correct? >> >> proxying https urls should work just fine with your original >> configuration - the https request will be tunneled through the proxy using >> the CONNECT method and thus be opaque to the proxy, but it will be routed >> through it. >> >> If you would like to proxy http:// and or https:// using an https >> /TLSconnection to the proxy then you need a new feature that is on firefox >> 32 and newer. That's currently the aurora channel. >> >> To use that the pac file would look like >> >> function FindProxyForURL(url, host) { >> return "HTTPS localhost:2443;" >> } >> >> Note that https:// urls will still be routed through the connect method >> at the proxy. If you are trying to see the contents of the https >> transaction at the proxy that is not possible - https:// urls are >> encrypted end to end. >> >> hope that helps. >> >> -Patrick >> >> >> On Tue, Jul 8, 2014 at 1:55 AM, Sindhu <[email protected]> wrote: >> >>> Hi, >>> >>> I am trying to use a PAC file to redirect http / https requests. >>> >>> The following function works for a http request but it throws an >>> NS_ERROR_UNKNOWN_PROXY_HOST error for* https* requests. >>> >>> >>> function FindProxyForURL(url, host) { >>> return "PROXY x.x.x.x;" >>> } >>> >>> And if i change the function to : >>> >>> function FindProxyForURL(url, host) { >>> return "PROXY x.x.x.x:443;" >>> } >>> >>> it throws NS_ERROR_NET_RESET error. >>> >>> Is it possible to redirect https requests through a PAC file? Or is there >>> any other way to achieve this? >>> >>> >>> >>> ---------- Forwarded message ---------- >>> From: Patrick McManus <[email protected]> >>> Date: 2 July 2014 20:15 >>> Subject: Re: Using a Pac File to redirect https requests. >>> To: Sindhu <[email protected]> >>> Cc: [email protected] >>> >>> >>> you can use a PAC file to route all http and https generated by gecko. >>> https will of course be tunneled through the proxy using CONNECT because >>> it >>> needs to be end to end for appropriate security. >>> >>> e.g. >>> >>> function FindProxyForURL(url, host) { >>> return "PROXY localhost:2443;" >>> } >>> >>> dev-tech-network is probably the right place to followup to get the right >>> visibility - you should supply the pac file there. >>> >>> >>> >>> On Wed, Jul 2, 2014 at 1:12 AM, Sindhu <[email protected]> wrote: >>> >>> > Hi, >>> > >>> > I have an extension which uses a PAC file to redirect particular >>> requests >>> > to a proxy server. But this doesn't working for any *https *request. >>> >>> > Firefox always uses a DIRECT connection for https requests. Is there >>> any >>> > way to redirect https requests using a PAC file? Or is there any other >>> way >>> > to achieve this? >>> > >>> > Sindhu Simhadri >>> > >>> > _______________________________________________ >>> > firefox-dev mailing list >>> > [email protected] >>> > https://mail.mozilla.org/listinfo/firefox-dev >>> > >>> > >>> _______________________________________________ >>> dev-tech-network mailing list >>> [email protected] >>> https://lists.mozilla.org/listinfo/dev-tech-network >>> >> >> > _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
