Post Reply 
Problem with Half-SSL...
Apr. 10, 2009, 02:14 PM (This post was last modified: Apr. 10, 2009 02:17 PM by sidki3003.)
Post: #31
RE: Problem with Half-SSL...
Great! "; secure" does get removed in the test window though, so the problem apparently isn't the string per se.

Can you post/attach the entire conversation, i.e. the corresponding request followed by the complete reply? Just the request/reply pair that contains that set-cookie header ("HTML filters" unchecked in the Log window).
Add Thank You Quote this message in a reply
Apr. 10, 2009, 03:51 PM
Post: #32
RE: Problem with Half-SSL...
see attached...
let me know if more is needed...

thanks in advance...


Attached File(s)
.txt  fail-2--headers-only.txt (Size: 16.29 KB / Downloads: 3243)
Add Thank You Quote this message in a reply
Apr. 10, 2009, 04:23 PM
Post: #33
RE: Problem with Half-SSL...
Well, the response where the secure cooke is set, "+++SSL:RESP 65+++", is part of a *Full*-SSL conversation. The "secure" field mustn't (and doesn't) get removed in this case.

Once you see "SSL:GET" (versus "GET"), you're already out of Half-SSL. In fact, the switch already occurs once the browser is sending a "CONNECT / HTTP/1.0" (IE) or "CONNECT / HTTP/1.1" (probably all other current browsers).

The last Half-SSL request i see is "+++GET 62+++", the first Full-SSL one is "+++GET 64+++ CONNECT / HTTP/1.0". GET 63 is missing. Assuming that this was a suppressed local file request, the problem would lie somewhere within the HTML content of "+++SSL:RESP 62+++".

Just guessing though...
Add Thank You Quote this message in a reply
Apr. 10, 2009, 05:03 PM
Post: #34
RE: Problem with Half-SSL...
when the bookmarked half-ssl login fails, the browser kicks me into full-ssl...

regarding content within "+++SSL:RESP 62+++", um, what should i be looking for?

should i post a second attachment with local file requests logged as well?
Add Thank You Quote this message in a reply
Apr. 10, 2009, 05:46 PM
Post: #35
RE: Problem with Half-SSL...
(Apr. 10, 2009 05:03 PM)ProxRocks Wrote:  regarding content within "+++SSL:RESP 62+++", um, what should i be looking for?

This:
Code:
    function dredirect() {
        var queryString = window.top.location.search.substring(1);
        var parameterName = "auth_redirecturl=";
        begin = queryString.indexOf(parameterName);
        if (begin != -1) {
            begin += parameterName.length;
            end = queryString.indexOf ("&" , begin);
            if (end == -1) end = queryString.length;
            window.location = unescape(queryString.substring(begin, end));
        }
    }


Below filter version might correct it, but may just as well break other SSL pages, in which case there is no "fix". Half-SSL will never work in all theoretically possible situations, so "glitch" isn't quite the right term.

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Location: 5 Half-SSL     9.04.10 (cch!) [jjoe] (d.2) (In) TEST"
URL = "$TST(keyword=(^*.a_cont_loc.)*.i_ssl_h:[12].*)"
Match = "https://(\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"
Add Thank You Quote this message in a reply
Apr. 10, 2009, 06:16 PM
Post: #36
RE: Problem with Half-SSL...
(Apr. 10, 2009 05:46 PM)sidki3003 Wrote:  Below filter version might correct it, but may just as well break other SSL pages, in which case there is no "fix". Half-SSL will never work in all theoretically possible situations, so "glitch" isn't quite the right term.

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Location: 5 Half-SSL     9.04.10 (cch!) [jjoe] (d.2) (In) TEST"
URL = "$TST(keyword=(^*.a_cont_loc.)*.i_ssl_h:[12].*)"
Match = "https://(\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"

agreed, wrong terminology...

that filter did it!!! problem solved! AWESOME!...
and didn't break any other SSL's that i have hear at home...
i'll be able to do a more extensive SSL test-for-breaks on Monday with office accounts...


many thanks!!!...
i'll report back on Monday after a more thorough SSL test...

so far, so good...
Add Thank You Quote this message in a reply
Apr. 17, 2009, 11:26 AM
Post: #37
RE: Problem with Half-SSL...
i'm a little late in reporting back...
but heh, i didn't say WHICH monday, so i'm claiming to be a few days early instead...


the test half-ssl location filter has been working perfectly for me with only ONE exception - logging out of Gmail (but since my cookies are axed at browser-close, guess i haven't been too concerned with it)...
Add Thank You Quote this message in a reply
Apr. 17, 2009, 12:19 PM
Post: #38
RE: Problem with Half-SSL...
Ahh okay, thanks for testing.

(Apr. 17, 2009 11:26 AM)ProxRocks Wrote:  (but since my cookies are axed at browser-close, guess i haven't been too concerned with it)

That depends. If sticking to that test version, you logically can't update to future versions.
So maybe better split that added recursive part and make it a site-specific filter.
Add Thank You Quote this message in a reply
Apr. 17, 2009, 12:42 PM
Post: #39
RE: Problem with Half-SSL...
header filters are over-my-head Sad

what i did for my daily-use config "workaround" is modified the URL keyword for the test filter and for the original...

i've got "everything" using the test filter version except Gmail, which is using the "Location: 5 Half-SSL 6.11.02 (cch!) [jjoe] (d.2) (In)" filter version...
Add Thank You Quote this message in a reply
May. 03, 2009, 08:43 PM
Post: #40
RE: Problem with Half-SSL...
Maybe this test filter is worth another shot, Google is an exception anyway.

I get the same "The page you requested is invalid." error when trying to log in from http://www.google.com/webmasters/tools/ , but this time it happens also because the "https:" strings in <input> tags get converted.

New keyword for neither modifying "https:" in query strings, nor data pairs submitted by form input elements:
a_ssl_q

Changed filters:
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Location: 5 Half-SSL     9.05.03 (cch!) [jjoe] (d.2) (In) TEST"
URL = "$TST(keyword=(^*.a_cont_loc.)*.i_ssl_h:[12].*)"
Match = "https://((^$TST(keyword=*.a_ssl_q.*))\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"


[Patterns]
Name = "<*>: Half-SSL     9.05.03 (cch! multi) [sd jjoe] (d.2) TEST"
Active = TRUE
Multi = TRUE
URL = "$TYPE(htm)$TST(keyword=*.i_ssl_h:[12].*)"
Bounds = "$NEST(<[abdefhilmostu],*https://*,>)"
Limit = 2048
Match = "(^$TST(comment=1)|$TST(tNoscript=1)|<input$TST(keyword=*.a_ssl_q.*))("
        ""
        "(*\s(href|src|action|background|style|content|value|on[a-z]+)=)\#"
        "$AVQ("
        "(\\+"+ https://&\#s://$SET(#=://https-px-.)\#)"
        "|(\0https://(^$TST(\0=\\+"+ (http:/|/|..|)/*))&&\#s://$SET(#=://https-px-.))+{1,*}\#"
        ")"
        ""
        ")+{1,*}\#"
Replace = "\@"


Changed IncludeExclude entry:
Code:
# Protect the email bodies at GMail - they come as part of scripts.
# But block the text-ad files.
mail.google.com(:[0-9]+|)/mail/(\?*\&view\=ad\&    $RDIR(http://local.ptron/nirvana)
  |(\?|(^?))$SET(0=a_js.a_ads.a_type_t.a_ssl_q.))


In the last config, below entry only works for IncludeExclude-U:
Code:
## allow "https:" in queries and posted data    $SET(0=a_ssl_q.)
## ----------------------------------------------------------------------------
www.google.com/$URL(http://https-px-.)$SET(0=a_ssl_q.)
Add Thank You Quote this message in a reply
May. 03, 2009, 09:25 PM
Post: #41
RE: Problem with Half-SSL...
Hello,

I am having trouble connecting to this page using half-ssl:
http://www.shellmc.accountonline.com/

I end up with this error message:
Quote:The Proxomitron couldn't find the site named...
https-px-.www.accountonline.com
Check that the name is correct. If so, the site may have changed or may no longer exist.

TIA,
DarthTrader
Add Thank You Quote this message in a reply
May. 03, 2009, 11:42 PM
Post: #42
RE: Problem with Half-SSL...
when i click that link, it redirects me to here (in half-ssl) - http://https-px-.www.accountonline.com/c...&langId=EN

can you click the above and log in from there?
if so, you could just shortcut/bookmark the above and your browser won't have to "redirect" to it 'for you'...
Add Thank You Quote this message in a reply
May. 04, 2009, 12:02 AM (This post was last modified: May. 04, 2009 12:17 AM by DarthTrader.)
Post: #43
RE: Problem with Half-SSL...
(May. 03, 2009 11:42 PM)ProxRocks Wrote:  when i click that link, it redirects me to here (in half-ssl) - http://https-px-.www.accountonline.com/c...&langId=EN

can you click the above and log in from there?
if so, you could just shortcut/bookmark the above and your browser won't have to "redirect" to it 'for you'...

ProxRocks,

Thanks for giving it a try. I clicked the link you provided and still get the same error. My config must be corrupted. Sad No big deal, I can live without it.

EDIT: Found the problem: accountonline.com was in my Bypass List! All is well now. Thanks again!

DarthTrader
Add Thank You Quote this message in a reply
May. 04, 2009, 12:36 AM
Post: #44
RE: Problem with Half-SSL...
(May. 04, 2009 12:02 AM)DarthTrader Wrote:  EDIT: Found the problem: accountonline.com was in my Bypass List!

lol...
happens to the best of us Big Teeth
Add Thank You Quote this message in a reply
May. 09, 2009, 02:44 PM
Post: #45
RE: Problem with Half-SSL...
(May. 03, 2009 08:43 PM)sidki3003 Wrote:  Maybe this test filter is worth another shot, Google is an exception anyway.

Dropping header filter test version ("mail google.com" entry changes undone).
Keeping web filter test version and new keyword (user list entry added to - now slightly differently invoked - general list).
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: