Le proxy est bien configuré dans l'environnement du serveur mais il semble y avoir une authentification qui est requise puisque le proxy nous redirige vers des pages d'authentification en boucle lorsque je tente d'accéder via HTTP à une URL et via HTTPS on reçoit une erreur "Connection reset by peer".
- HTTP qui boucle sur l'authentification :
[root@vm1srv-inmedia ~]# curl -L -v http://repo01.bibliomondo.com/test.txt * About to connect() to proxy proxysrv.la-metro.org port 3129 (#0) * Trying 10.1.2.253... * Connected to proxysrv.la-metro.org (10.1.2.253) port 3129 (#0) > GET http://repo01.bibliomondo.com/test.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: repo01.bibliomondo.com > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 303 See Other < Server: squid/4.5 < Date: Thu, 21 Nov 2019 15:38:27 GMT < Content-Length: 0 < Location: http://PROXY1.LA-METRO.ORG:9123/redirect/?SessionID=969715553 < X-Cache: MISS from VM1SRV-PROXY1-SQUID-73359739 < X-Cache-Lookup: MISS from VM1SRV-PROXY1-SQUID-73359739:3127 < Connection: keep-alive < * Connection #0 to host proxysrv.la-metro.org left intact * Issue another request to this URL: 'http://PROXY1.LA-METRO.ORG:9123/redirect/?SessionID=969715553' * About to connect() to proxy proxysrv.la-metro.org port 3129 (#1) * Trying 10.1.2.253... * Connected to proxysrv.la-metro.org (10.1.2.253) port 3129 (#1) > GET http://PROXY1.LA-METRO.ORG:9123/redirect/?SessionID=969715553 HTTP/1.1 > User-Agent: curl/7.29.0 > Host: PROXY1.LA-METRO.ORG:9123 > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 303 See Other < Server: squid/4.5 < Date: Thu, 21 Nov 2019 15:38:27 GMT < Content-Length: 0 < Location: http://PROXY1.LA-METRO.ORG:9123/redirect/?SessionID=849494335 < X-Cache: MISS from VM1SRV-PROXY1-SQUID-73359739 < X-Cache-Lookup: MISS from VM1SRV-PROXY1-SQUID-73359739:3127 < Connection: keep-alive < * Connection #1 to host proxysrv.la-metro.org left intact * Maximum (50) redirects followed
- HTTPS qui ne fonctionne pas :
[root@vm1srv-inmedia ~]# curl -L -v https://repo01.bibliomondo.com/test.txt * About to connect() to proxy proxysrv.la-metro.org port 3129 (#0) * Trying 10.1.2.253... * Connected to proxysrv.la-metro.org (10.1.2.253) port 3129 (#0) * Establish HTTP proxy tunnel to repo01.bibliomondo.com:443 > CONNECT repo01.bibliomondo.com:443 HTTP/1.1 > Host: repo01.bibliomondo.com:443 > User-Agent: curl/7.29.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -5961 (PR_CONNECT_RESET_ERROR) * TCP connection reset by peer * Closing connection 0 curl: (35) TCP connection reset by peer
Donc l'accès à internet ne fonctionne pas actuellement.
bypass le proxy :
curl --noproxy '*' -L -v https://b77-smb-v5-dev.apps.paris.fr/WebInterface
Vérifier le temps de réponse d'un WebService:
Exemple Bordeaux avec WS AFI
time curl 'https://portail.mediatheques.talence.fr/multimedia/authenticate/login/21909000737269/password/16061963MAR!'
Exemple Bordeaux avec PX:
time curl 'http://172.8.1.107:8080/portfolio/rest/selfcheck/getPatronRecord/21909000737269/16061963MAR!/fr'
Récupérer le certificat d'un site WEB avec CURL:
echo -n | openssl s_client -showcerts -connect rocky9502.bibliomondo.fr:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > redroot.pem