Checking HTTP Authentication in Firefox

Published 13 Apr 2014 00:57

Proxy NTLM authentication when using Ajax in Firefox.

This article dates from 2010/06/28.

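When Ajax is used in Firefox, proxy NTLM authentication does not go through properly, whereas IE has no particular problem. I investigated the reason.
===Firefox log===
The log, including headers, is shown below (リクエストヘッダ marks request headers and レスポンスヘッダ marks response headers).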
<pre>
<nowiki>
リクエストヘッダソース表示
Host <host>
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 GTB7.0 ( .NET CLR 3.5.30729)
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.7,ja;q=0.3
Accept-Encoding gzip,deflate
Accept-Charset Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Content-Length 91
Content-Type text/plain; charset=UTF-8
Origin null
Pragma no-cache
Cache-Control no-cache

レスポンスヘッダソース表示
Server squid/2.6.STABLE6
Date Mon, 28 Jun 2010 02:58:54 GMT
Content-Type text/html
Content-Length 1358
Expires Mon, 28 Jun 2010 02:58:54 GMT
X-Squid-Error ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate NTLM Basic realm="Proxy Server"
X-Cache MISS from unknown
X-Cache-Lookup NONE from unknown:8080
Via 1.0 unknown:8080 (squid/2.6.STABLE6)
Proxy-Connection close

リクエストヘッダソース表示
Host <host>
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 GTB7.0 ( .NET CLR 3.5.30729)
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.7,ja;q=0.3
Accept-Encoding gzip,deflate
Accept-Charset Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Cookie JSESSIONID=azlerd0w67I6
Proxy-Authorization NTLM TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAABIAEgBIAAAADgAOAFoAAAAOAA4AaAAAAAAAAACmAAAABYKIogUBKAoAAAAPRABNAC0ASABJAEsAQQBSAEkAMQAwADQAOQAxADMAMABNADAANAAwADEAMwA4ALNoT3RFff2TAAAAAAAAAAAAAAAAAAAAABQSWyozxZBmn8yzzMgpOL9EkfSFrID+UA==

レスポンスヘッダソース表示
Date Mon, 28 Jun 2010 03:02:41 GMT
Server Apache/2.0.52 (Win32)
Cache-Control private
Content-Length 315
Keep-Alive timeout=15, max=100
Connection Keep-Alive
Content-Type text/html;charset=shift_JIS
Via 1.1 <host> (Alteon iSD-SSL/4.2.1.15)
</nowiki>
</pre>

===IE log===
The log, including headers, is shown below.
<pre>
<nowiki>

CONNECT <host>: 443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache

HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE6
Date: Mon, 28 Jun 2010 07:12:36 GMT
Content-Type: text/html
Content-Length: 1358
Expires: Mon, 28 Jun 2010 07:12:36 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="Proxy Server"
X-Cache: MISS from unknown
X-Cache-Lookup: NONE from unknown:8080
Via: 1.0 unknown:8080 (squid/2.6.STABLE6)
Proxy-Connection: close

CONNECT <host>: 443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAAD1==

HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE6
Date: Mon, 28 Jun 2010 07:12:36 GMT
Content-Type: text/html
Content-Length: 1358
Expires: Mon, 28 Jun 2010 07:12:36 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAEgASADAAAAAFgomiPqU8ZJ1gfwIAAAAAAAAAALQAtABCAAAARABNAC0ASABJAEsAQQBSAEkAAgASAEQATQAtAEgASQBLAEEAUgBJAAEAFABQAFIATwBYAFkALQBXAEIAMAAzAAQAMgBkAG0ALQBoAGkAawBhAHIAaQAuAGEAZAAuAGgAaQBrAGEAcgBpAC4AYwBvAC4AagBwAAMASABwAHIAbwB4AHkALQB3AGIAMAAzAC4AZABtAC0AaABpAGsAYQByAGkALgBhAGQALgBoAGkAawBhAHIAaQAuAGMAbwAuAGoAcAAAAAAA
X-Cache: MISS from unknown
X-Cache-Lookup: NONE from unknown:8080
Via: 1.0 unknown:8080 (squid/2.6.STABLE6)
Proxy-Connection: keep-alive

CONNECT <host>: 443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAABIAEgBIAAAADgAOAFoAAAAOAA4AaAAAAAAAAACmAAAABYKIogUBKAoAAAAPRABNAC0ASABJAEsAQQBSAEkAMQAwADQAOQAxADMAMABNADAANAAwADEAMwA4AB5DOO+IbozCAAAAAAAAAAAAAAAAAAAAAPnGwBI00q/9LyziQmyw/Ag8WwYNmv6SUD==

HTTP/1.0 200 Connection established

POST /sbc/Entry/ServiceCheck.jsp HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 91
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=a4vMLVW6vPrg

_kubun=1&_userid=<userid>&_password=<password>&_phone_1=03&_phone_2=1234&_phone_3=5678

HTTP/1.1 200 OK
Date: Mon, 28 Jun 2010 07:12:52 GMT
Server: Apache/2.0.52 (Win32)
Cache-Control: private
Content-Length: 120
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=shift_JIS
Via: 1.1 <host> (Alteon iSD-SSL/4.2.1.15)
</nowiki>
</pre>

===Ordinary POST in IE===
<pre>
<nowiki>
CONNECT <host>: 443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache

HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE6
Date: Mon, 28 Jun 2010 08:10:03 GMT
Content-Type: text/html
Content-Length: 1358
Expires: Mon, 28 Jun 2010 08:10:03 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="Proxy Server"
X-Cache: MISS from unknown
X-Cache-Lookup: NONE from unknown:8080
Via: 1.0 unknown:8080 (squid/2.6.STABLE6)
Proxy-Connection: close

CONNECT <host>: 443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==

HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE6
Date: Mon, 28 Jun 2010 08:10:03 GMT
Content-Type: text/html
Content-Length: 1358
Expires: Mon, 28 Jun 2010 08:10:03 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAEgASADAAAAAFgomivXp/Rt2jjNUAAAAAAAAAADwAPABCAAAARABNAC0ASABJAEsAQQBSAEkAAgASAEQATQAtAEgASQBLAEEAUgBJAAEAFgBQAFIATwBYAFkALQBPAFAAUgAwADQABAAAAAMAAAAAAAAA
X-Cache: MISS from unknown
X-Cache-Lookup: NONE from unknown:8080
Via: 1.0 unknown:8080 (squid/2.6.STABLE6)
Proxy-Connection: keep-alive

CONNECT <host>: 443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAABIAEgBIAAAADgAOAFoAAAAOAA4AaAAAAAAAAACmAAAABYKIogUBKAoAAAAPRABNAC0ASABJAEsAQQBSAEkAMQAwADQAOQAxADMAMABNADAANAAwADEAMwA4AEYefl/62x1OAAAAAAAAAAAAAAAAAAAAABGYea/ZbM6YZcrus74zMXCfQboLhyEkHy==

HTTP/1.0 200 Connection established

POST /sbc/Entry/ServiceCheck.jsp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, */*
Referer: http://localhost/test/testEntryTest.html
Accept-Language: ja
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; CIBA; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: <host>
Content-Length: 91
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=a4vMLVW6vPrg

_kubun=1&_userid=<userid>&_password=<password>&_phone_1=03&_phone_2=1234&_phone_3=5678

HTTP/1.1 200 OK
Date: Mon, 28 Jun 2010 08:10:04 GMT
Server: Apache/2.0.52 (Win32)
Cache-Control: private
Content-Length: 315
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=shift_JIS
Via: 1.1 <host> (Alteon iSD-SSL/4.2.1.15)
</nowiki>
</pre>

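===Difference===
The difference is that the Ajax request is first handled as a CONNECT request to the target server. Then, when the proxy server's response with Basic Authentication comes back, the browser goes straight to the proxy with the NTLM authentication it already holds. As a result, once about three exchanges have completed, the connection itself is trusted, and even when an Ajax request is then made the Proxy Authentication header is added automatically, so no particular problem arises.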
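
The three-message NTLM exchange visible in the CONNECT logs above can be read directly from the header values. The following is an added example, not part of the original post: it assumes the standard NTLMSSP message layout, and the header values it parses are constructed samples (domain EXAMPLE, user alice, workstation WS01), not the captures shown on this page.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag bit
# Offset of NegotiateFlags in type 1 (NEGOTIATE), 2 (CHALLENGE), 3 (AUTHENTICATE)
FLAGS_AT = {1: 12, 2: 20, 3: 60}

def _field(raw, pos, enc):
    # Follow a (length, max length, offset) descriptor and decode its string.
    length, _, offset = struct.unpack_from("<HHI", raw, pos)
    if offset + length > len(raw):
        raise ValueError("field descriptor points outside the message")
    return raw[offset:offset + length].decode(enc)

def parse_ntlm_header(value):
    """Decode a Proxy-Authenticate / Proxy-Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header value")
    if not token.strip():
        return {"type": 0}  # bare "NTLM": scheme offered, no message yet
    raw = base64.b64decode(token)
    if len(raw) < 12 or raw[:8] != SIG:
        raise ValueError("missing NTLMSSP signature")
    msg = {"type": struct.unpack_from("<I", raw, 8)[0]}
    if msg["type"] not in FLAGS_AT or len(raw) < FLAGS_AT[msg["type"]] + 4:
        return msg  # unknown or truncated message: report the type only
    flags = struct.unpack_from("<I", raw, FLAGS_AT[msg["type"]])[0]
    enc = "utf-16-le" if flags & UNICODE else "latin-1"  # latin-1 stands in for the OEM code page
    if msg["type"] == 2:
        msg.update(target=_field(raw, 12, enc), challenge=raw[24:32].hex())
    elif msg["type"] == 3:
        msg.update(domain=_field(raw, 28, enc), user=_field(raw, 36, enc), workstation=_field(raw, 44, enc))
    return msg

def handshake_types(header_values):
    """Message types in order of appearance; a complete handshake reads [1, 2, 3]."""
    return [t for t in (parse_ntlm_header(v)["type"] for v in header_values) if t]

def sample_handshake():
    """Constructed header values (not the page's captures): offer, then types 1, 2, 3."""
    dom, usr, ws = (s.encode("utf-16-le") for s in ("EXAMPLE", "alice", "WS01"))
    t1 = SIG + struct.pack("<II", 1, UNICODE) + bytes(16)
    t2 = SIG + struct.pack("<IHHII", 2, len(dom), len(dom), 48, UNICODE) + bytes(range(8)) + bytes(16) + dom
    parts, off, desc = (b"", b"", dom, usr, ws, b""), 64, b""
    for p in parts:
        desc, off = desc + struct.pack("<HHI", len(p), len(p), off), off + len(p)
    t3 = SIG + struct.pack("<I", 3) + desc + struct.pack("<I", UNICODE) + b"".join(parts)
    return ["NTLM"] + ["NTLM " + base64.b64encode(m).decode() for m in (t1, t2, t3)]
```

Because the type field directly follows the NTLMSSP signature, tokens beginning TlRMTVNTUAAB, TlRMTVNTUAAC and TlRMTVNTUAAD are type 1, 2 and 3 messages respectively, which is enough to follow the exchanges in the logs above by eye.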
