1-Security Zone
This seems one of the best explanations. I've tried fuzzing with the configuration, but no luck. With same configuration on my browser, doesn't explain why mine works on my demo network but not on the client.
2-"Enable IWA (requires restart)" option in IE->Tools->Internet Option->Advanced.
This would seem another clear option. But once again, this option doesn't work on the client side.
3-Network definitions
Some bizarre option could define what is a sort of Intranet. Same subnetwork vs. differrent network. Subnetworks are pretty the same in my test network and at the client. I intend to change my demo network to exactly the same addresses at the client.
4-Group policy
Another possibility, as my computer doesn't have an exact same behaviour on the client side as a browser belonging to the client domain. THis could also relate to the fact that at the client, users are typically logged on to the domain when access is made. But once again, doesn't explain why connecting though a proxy should change this.
5-Special Headers
Rogan talked about the proxy introduced headers. I recall seing that at the client, but also doesn't explain why the same browser with the same proxy sometimes works and others not.
Seems probably there are at least two of the above messing with the results. I'll be checking on the client side again this week. Will make network captures to detail the information being sent. Any suggestions I may try them (like testing it with Webscarab) and then will post conclusions back.
rj
-----Original Message-----
> Quoting "Amit Klein (AKsecurity)" <aksecurity (at) hotpop (dot) com [email concealed]>:
>
>
> WebScarab did not (and does not currently) set the "Proxy-Support"
> header mentioned below, so there seems to be some inconsistency here.
>
Yes, this is pretty weird. We definitely have inconsistent reports from credible sources.
Perhaps this has something to do with the seurity zone? or some obscure configuration of IE? I think Raymond is in a good position to find out, because he experiences both phenoma (if I understand correctly).
1-Security Zone
This seems one of the best explanations. I've tried fuzzing with the configuration, but no luck. With same configuration on my browser, doesn't explain why mine works on my demo network but not on the client.
2-"Enable IWA (requires restart)" option in IE->Tools->Internet Option->Advanced.
This would seem another clear option. But once again, this option doesn't work on the client side.
3-Network definitions
Some bizarre option could define what is a sort of Intranet. Same subnetwork vs. differrent network. Subnetworks are pretty the same in my test network and at the client. I intend to change my demo network to exactly the same addresses at the client.
4-Group policy
Another possibility, as my computer doesn't have an exact same behaviour on the client side as a browser belonging to the client domain. THis could also relate to the fact that at the client, users are typically logged on to the domain when access is made. But once again, doesn't explain why connecting though a proxy should change this.
5-Special Headers
Rogan talked about the proxy introduced headers. I recall seing that at the client, but also doesn't explain why the same browser with the same proxy sometimes works and others not.
Seems probably there are at least two of the above messing with the results. I'll be checking on the client side again this week. Will make network captures to detail the information being sent. Any suggestions I may try them (like testing it with Webscarab) and then will post conclusions back.
rj
-----Original Message-----
> Quoting "Amit Klein (AKsecurity)" <aksecurity (at) hotpop (dot) com [email concealed]>:
>
>
> WebScarab did not (and does not currently) set the "Proxy-Support"
> header mentioned below, so there seems to be some inconsistency here.
>
Yes, this is pretty weird. We definitely have inconsistent reports from credible sources.
Perhaps this has something to do with the seurity zone? or some obscure configuration of IE? I think Raymond is in a good position to find out, because he experiences both phenoma (if I understand correctly).
-Amit
[ reply ]