[RC5] Firewall Authorization Problem with RC5 Client

Jeremy D. Zawodny jzawodn at wcnet.org
Mon Mar 2 12:25:37 EST 1998


I'm attempting to run a couple of v2.7 clients which sit behind a proxy
server and Firewall (Checkpoint FW-1 version 3) which requires basic
authentication for HTTP access. I've set them up to use my standard
Netscpe/MSIE proxy host and port, but I get network errors like this in my
Win32 GUI:

  Network::Error Read failed 3/0
  Network::Error Read failed 3/0
  Network::Error Read failed 23/0
  Unable to fetch more blocks, generating random block.
  Please look into correcting your network problems as soon as possible.

So I got curious and put a network sniffer on it. What I found wasn't too
helpful, but I'll explain a bit here to see if it clues anyone else in.

I traced a HTTP requests and responses between my Win32 GUI client and our
proxy. Nothing seemed unusual, except that the Firewall was responding with
an error message about the username/password being wrong (or missing).

So I accessed something (the Weather Channel, if you must know) with IE4
and sniffed it. I noticed a few subtle differences between the two. With
IE4, the Proxy Authorization header looked like "Proxy-Authorization: ..."
while the RC5 client was generating one that looked like
"Proxy-authorization: ..." Note that the only difference between the two
was capitalization.

On a hunch, I hex-edited the RC5 client, and fixed that (which is not to
say it was broken -- I think the headers are case-INsensitive).

Still no go.

Everything else about the communication "seems" normal.

Any thoughts?

Have others had trouble and/or success behind FW-1 with basic authentication?

Any ideas on how I can further debug this?


Jeremy D. Zawodny                 jzawodn at wcnet.org
Web Server Administrator          www at wcnet.org
Wood County Free Net (Ohio)       http://www.wcnet.org/
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list