Sync through proxy #740
Comments
Do you have the proxy set up in MISP itself? On Tue, Dec 1, 2015 at 11:59 AM, David André notifications@github.com
You can try to use tcpdump to see what MISP actually sends to the proxy. IIRC the CakePHP proxy code does not handle all possible scenarios like authentication problems gracefully.
Thanks for the idea @RichieB2B ! We try to connect via a proxy on a non-standard port (8102); the HTTP connect gets issued correctly but the basic authentication headers are not present, so the proxy gives a 407 Authentication required. The credentials are correct, since I used them (copy/paste to be sure to have exactly the same thing) with wget on the command line to fetch the homepage of the remote MISP instance I am trying to sync to.
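Added example (not part of the original thread, and not MISP or CakePHP code): a Python check over a plaintext client-to-proxy capture, of the kind tcpdump shows, that reports for each CONNECT whether a Basic `Proxy-Authorization` header was sent and which status the proxy returned. The capture, the `:443` target, the `user`/`pass` credentials and all function names are constructed for illustration.

```python
import base64

# Constructed capture of the client-to-proxy exchange (placeholder host; the
# CONNECT carries no Proxy-Authorization header, so the proxy answers 407).
CAPTURE_MISSING_AUTH = (
    "CONNECT misp.domain.com:443 HTTP/1.1\r\n"
    "Host: misp.domain.com\r\n"
    "\r\n"
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    'Proxy-Authenticate: Basic realm="proxy"\r\n'
    "\r\n"
)

def basic_proxy_auth(user, password):
    """Header value a client must send for Basic proxy authentication."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def parse_messages(capture):
    """Split a capture into (start_line, headers) pairs, one per header block."""
    messages = []
    for block in capture.split("\r\n\r\n"):
        lines = [line for line in block.split("\r\n") if line]
        if not lines:
            continue
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        messages.append((lines[0], headers))
    return messages

def diagnose(capture, user, password):
    """Return (target, auth_verdict, proxy_status) for every CONNECT seen."""
    expected = basic_proxy_auth(user, password)
    messages = parse_messages(capture)
    findings = []
    for i, (start, headers) in enumerate(messages):
        if not start.startswith("CONNECT "):
            continue
        sent = headers.get("proxy-authorization")
        verdict = "missing" if sent is None else ("ok" if sent == expected else "mismatch")
        reply = messages[i + 1][0] if i + 1 < len(messages) else ""
        status = reply.split()[1] if reply.startswith("HTTP/") else None
        findings.append((start.split()[1], verdict, status))
    return findings

if __name__ == "__main__":
    print(diagnose(CAPTURE_MISSING_AUTH, "user", "pass"))
```

A `missing` verdict paired with status `407` matches the symptom reported above; `mismatch` would instead point at the configured credentials or the authentication method.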
In MISP all communication with external servers is done through the SyncTool class (app/Lib/Tools/SyncTool.php). The code there is pretty straightforward:
So this appears to be an issue with HttpSocket from CakePHP, see Judging by your tcpdump test CakePHP sets and uses the host and port correctly, but not the user and password variables.
What have you set as the proxy.method in the MISP config.php? This should be either Basic or Digest depending on your proxy.
I used Basic since it is what we use.
I think I fixed the issue. After overcoming a general issue with SSL via proxies in cakephp/cakephp#7834 I managed to add the Proxy-Authorization header to the CONNECT request in cakephp/cakephp#7836 You can try this fork that includes above PRs: https://github.com/RichieB2B/cakephp/tree/2.7+fixes
cakephp/cakephp#7836 has been merged so you can just use the latest CakePHP 2.7 branch: https://github.com/cakephp/cakephp/tree/2.7
excellent, I update the branch to get the HEAD of cakephp 2.4
Could you also please do this to master branch so 2.3 users can also benefit from it?
@RichieB2B I owe you a beer if it works!
@elhoim go for the 2.4 branch (which is now the default branch) ;-)
Considering as fixed :)
Expecting that beer then from @elhoim ;-)
Trying to sync through a proxy.
Connecting to another MISP using HTTPS. No SNI, but the certificate is for *.domain.com and I try to connect to misp.domain.com.
The error message on the job page is "Unable to perform enableCrypto operation on CakeSocket".
No additional messages in resque-worker-error.log / resque-scheduler-error.log / error.log or debug.log
No additional messages in MISP app logs.
Enabling debug does not help since it is executed in a job.
Wgetting the page, after adding the same copy/pasted proxy credentials in the shell; works to get the homepage on the same server.
Using debian wheezy latest, php v5.4.45, cakephp v2.7.7, MISP v2.3.169.