OWS using System Proxy

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
Paul Gellissen
Posts: 14
Joined: 17 Jun 2020, 14:42

OWS using System Proxy

Post by Paul Gellissen »

Hello,

first thanks for your work on OWS.
I have found a problem with OWS using the System Proxy on Windows. In my test an application fails to start.
If I understand the logs correctly OWS reads the System Proxy settings correctly.
In the settings there is a list of addresses defined as proxy bypass.
In this it is 10.* and some more. The application that should start is hosted internally at https://10.240.58.240:443/...
When I try to start the application apparently OWS tries to reach out for the server using the proxy. At least it logs "Proxies found for ..." and shows the resolved IP for the configured proxy.
This means it does not read or uses the list of bypass addresses for the proxy.

Greetings
Paul

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

Hi

Thanks for using OWS.

In case of System Proxy OWS will pick up the settings from the LAN settings presuming Windows OS.

To understand your issue better can you please attach the screen shot of your LAN Settings:
LanSettings.PNG
LanSettings.PNG (14.06 KiB) Viewed 3191 times
Also please send the logs.

I will try to reproduce your issue and investigate it.

Thanks

Janak

Paul Gellissen
Posts: 14
Joined: 17 Jun 2020, 14:42

Re: OWS using System Proxy

Post by Paul Gellissen »

Hi,

here is the screenshot from the proxy settings.
download/file.php?mode=view&id=43
Down below are the logs from the OWS console. I have taken some things out of the log that are internal.
Thanks for your help.

Paul

Code: Select all

init logger factory to net.sourceforge.jnlp.util.logging.OutputControllerLoggerFactory@1c20c684
OpenWebStartLauncher called with args: [-Xnofork, -verbose, C:\Users\gellissen\Downloads\viewer.jnlp].
OS: Windows 10
Java Runtime AdoptOpenJDK-1.8.0_265
using com.openwebstart.extensionpoint.OwsExtensionPoint extension point
Ico provider registered correctly.
Loading USER level properties from: file:/C:/Users/gellissen/.config/icedtea-web/deployment.properties
Property 'ows.install4j.propertyUpdate' is unknown.
Starting security dialog thread
Keystore file C:\Users\gellissen\.config\icedtea-web\security\trusted.clientcerts exists.
Loading Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.clientcerts
Operating Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.clientcerts
Operating Keystore Unknown
Keystore file C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\trusted.jssecerts does not exists.
Loading Keystore Unknown
Operating Keystore Unknown
Keystore file C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\trusted.certs does not exists.
Loading Keystore Unknown
Operating Keystore Unknown
Keystore file C:\Users\gellissen\.config\icedtea-web\security\trusted.jssecerts exists.
Loading Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.jssecerts
Operating Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.jssecerts
Keystore file C:\Users\gellissen\.config\icedtea-web\security\trusted.certs exists.
Loading Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.certs
Operating Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.certs
Keystore file C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\jssecacerts does not exists.
Loading Keystore Unknown
Operating Keystore Unknown
Keystore file C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\cacerts exists.
Loading Keystore C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\cacerts
Operating Keystore C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\cacerts
Keystore file C:\Users\gellissen\.config\icedtea-web\security\trusted.jssecacerts exists.
Loading Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.jssecacerts
Operating Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.jssecacerts
Keystore file C:\Users\gellissen\.config\icedtea-web\security\trusted.cacerts exists.
Loading Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.cacerts
Operating Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.cacerts
Keystore file C:\Program Files\AdoptOpenJDK\jre-8.0.265.01-hotspot\lib\security\trusted.clientcerts does not exists.
Loading Keystore Unknown
Operating Keystore Unknown
Keystore file C:\Users\gellissen\.config\icedtea-web\security\trusted.clientcerts exists.
Loading Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.clientcerts
Operating Keystore C:\Users\gellissen\.config\icedtea-web\security\trusted.clientcerts
Selected ProxyProvider : OPERATION_SYSTEM 
Windows based proxy created
Proxy server(s) defined ( registry value 'ProxyServer'). Will use configured proxy.
Http proxy congfig: host proxy.***.local - port 80
Https proxy congfig: host null - port 0
Ftp proxy congfig: host null - port 0
Socks proxy congfig: host null - port 0
proxy bypass list: [10.*, 192.168.*, 172.16.*, 172.17.*, 172.18.*, 172.28.*, 172.20.*, *.local, vmware-localhost, <local>]
Proceeding with jnlp
JNLP file location: C:\Users\gellissen\Downloads\viewer.jnlp
Will add resource at location 'file:/C:/Users/gellissen/Downloads/viewer.jnlp'
Will add resource 'viewer.jnlp'
Will check and maybe put into cache: viewer.jnlp
Download for viewer.jnlp has not been started until now
Checking download state of viewer.jnlp
Resource is not cacheable: viewer.jnlp
Download done. Shutting down executor
Using MalformedXMLParser
Homepage: null
Description: null
Jars not ready to provide attribute Application-Name
Acceptable vendor tag found, contains: Dell Inc.
good - your JRE - 1.8.0_265 - match requested JRE - 1.6+
Will add resource at location 'file:/C:/Users/gellissen/Downloads/viewer.jnlp'
Will add resource 'viewer.jnlp'
Will check and maybe put into cache: viewer.jnlp
Download for viewer.jnlp has not been started until now
Checking download state of viewer.jnlp
Resource is not cacheable: viewer.jnlp
Download done. Shutting down executor
Using MalformedXMLParser
Homepage: null
Description: null
Jars not ready to provide attribute Application-Name
Acceptable vendor tag found, contains: Dell Inc.
good - your JRE - 1.8.0_265 - match requested JRE - 1.6+
Acquired shared lock on C:\Users\GELLIS~1\AppData\Local\Temp\gellissen\netx\locks\netx_running to indicate javaws is running
Jars not ready to provide attribute Application-Name
Jars not ready to provide attribute Application-Name
call privileged method: checkSingleInstanceRunning
arg: net.sourceforge.jnlp.JNLPFile@141be00c
result: null
Will add resource at location 'https://10.240.58.240:443/images/logo.gif'
Will add resource 'logo.gif'
Will check and maybe put into cache: logo.gif
Download for logo.gif has not been started until now
Checking download state of logo.gif
Download has not been started yet: logo.gif
Download of resource logo.gif will start now!
Will check and maybe put into cache: logo.gif
Download for logo.gif has already been started.
isCached: remote size:3751 cached size:3751 -> true
isCached: https://10.240.58.240:443/images/logo.gif - (v: null) = true
needsUpdateCheck: https://10.240.58.240:443/images/logo.gif -> true
Candidate URLs for location=https://10.240.58.240:443/images/logo.gif version=null state=INCOMPLETE: [https://10.240.58.240:443/images/logo.gif]
Proxies found for 'https://10.240.58.240:443/images/logo.gif' : [HTTP @ proxy.***.local/***:80]
Attachments
2020-10-02 09_31_35-Clipboard.png
2020-10-02 09_31_35-Clipboard.png (12.08 KiB) Viewed 3184 times

Paul Gellissen
Posts: 14
Joined: 17 Jun 2020, 14:42

Re: OWS using System Proxy

Post by Paul Gellissen »

Hi,

i guess i just found out the problem myself. In the proxy settings there is a box checked that the system should use the same for all protocols.
Apparently OWS does not understand this settings correctly. In the logs posted before you can see the proxy is only set for http.

Greetings
Paul
Attachments
2020-10-02 10_06_39-Clipboard.png
2020-10-02 10_06_39-Clipboard.png (9.74 KiB) Viewed 3183 times

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

Yes right. I was going to ask you about Advance setting where you apply the proxy to a particular protocol.

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

Also if you notice in your LAN settings you have selected Automatically Detect Settings. It says this may interfere with Manual Setting and so must be disabled for manual setting to take effect. Please try your app after disabling it and see if it works as expected.

Paul Gellissen
Posts: 14
Joined: 17 Jun 2020, 14:42

Re: OWS using System Proxy

Post by Paul Gellissen »

I have checked it with disabled automatic selection, but it does not change anything in the behaviour.
I guess it is a problem with OWS not correctly detecting the option to use this proxy for https too.

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

Ok. I will investigate this one and come back to you.

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

Hi,

Just to confirm:
  1. What is your local address?
  2. Your app is hosted at https://10.240.58.240:443/
  3. You have specified a proxy server and checked bypass proxy server for local addresses
  4. You have specifed that the same proxy to be used for all protocols.
  5. Did you specify any exceptions (See picture below):
    ProxySetting.PNG
    ProxySetting.PNG (34.18 KiB) Viewed 3172 times
  6. What happens if you put https://10.240.58.240:443/ in the Exception list, shut down the proxy and run the app? The app should still run as the proxy is not supposed to be used for the addresses in the exception list.

Paul Gellissen
Posts: 14
Joined: 17 Jun 2020, 14:42

Re: OWS using System Proxy

Post by Paul Gellissen »

Hi,

1. My local adress is 10.2.10.84 .
2. Yes. It is the viewer application for a Dell iDRAC console.
3. Yes shown in the attached screenshot.
4. Yes shown in the attached screenshot.
5. Yes there are many. Mostly for local adresses like 10* or 192.168.* and some external resources.
6. I have tested it without shutting down the proxy as I cant do that. But when I added the exact IP to the exclusions it instantly worked.
Below is a bit of the log. I guess OWS matches the exact IP here and excludes it. Apparently it does not match 10.* from the exclusion list.

Code: Select all

URL connection 'https://10.240.58.240:443/images/logo.gif' header fields: {Accept-Ranges=[bytes], Keep-Alive=[timeout=60, max=199], null=[HTTP/1.1 200 OK], ETag=["17bb-e88-581d58d3"], Connection=[Keep-Alive], Content-Encoding=[gzip], Last-Modified=[Sat, 05 Nov 2016 03:58:11 GMT], Content-Length=[3720], Date=[Fri, 02 Oct 2020 20:07:45 GMT], Content-Type=[image/gif]}
URL socket://10.240.58.240:443 is excluded
URL https://10.240.58.240:443/images/logo.gif is excluded
Attachments
2020-10-02 15_13_55-Clipboard.png
2020-10-02 15_13_55-Clipboard.png (26.19 KiB) Viewed 3170 times

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

I am not sure if 10.* is a valid wildcard spec for an IP address. May be you can try 10.*.*.*?

I did some search and found this: https://docs.microsoft.com/en-us/previo ... dfrom=MSDN

Paul Gellissen
Posts: 14
Joined: 17 Jun 2020, 14:42

Re: OWS using System Proxy

Post by Paul Gellissen »

I have tried it but that does not change the behavior. According to the logs OWS still does not match the IP.
My guess is that OWS does not match with the wildcard IP address.

Janak Mulani
Posts: 241
Joined: 24 Mar 2020, 13:37

Re: OWS using System Proxy

Post by Janak Mulani »

I will investigate.

Thanks for reporting and testing.

Stephan Classen
Posts: 185
Joined: 27 Mar 2020, 09:55

Re: OWS using System Proxy

Post by Stephan Classen »

We have taken a look at this during the last week.
The wildcard syntax which is currently accepted by Windows is not trivial.

It is possible to implement this feature. But since this will take a considerable amount of effort we will currently not prioritize this.

If this feature is a must have for your company you have the option to sponsor the development.

Post Reply