Getting Chrome working through NTLM proxy
555 views
Skip to first unread message
sherod
Sep 4, 2008, 6:35:10 PM9/4/08
to The Java Posse
Hi all.
I've had a few people contact me directly about how I got Chrome
working through an NTLM proxy.
At the time, it turned out I actually hadn't, I suspect it was a
temporary issue with the company proxy server that let me through, but
the inquiries have made me seek a real solution. You can read a fair
and balanced assessment of MS Proxy server here :)
http://toastytech.com/evil/msproxy.html
In short, I don't believe Chrome supports it directly, but you can get
it working by setting up an NTLM proxy server on your local PC and
routing your browser through it.
Here is one way using Dmitry Rozmanov 'NTLM Authorization Proxy
Server'
1. Install Python
2. Read the instructions, then download and install the proxy
software: http://www.geocities.com/rozmanov/ntlm/index.html
3. You will need to edit applications server.cfg with your proxy
server details
4. You may need to edit the .py files to remove some russian
characters that cause the interpretor to vomit (this was on Windows
XP)
5. Start the local proxy server
6. Point your Windows internet config at your local proxy.
7. Start Chrome (or IE, or Safari - all browsers except Firefox will
now be using your local proxy).
Note, you may not get the fastest user experience, but it does seem to
work.
I've had a few people contact me directly about how I got Chrome
working through an NTLM proxy.
At the time, it turned out I actually hadn't, I suspect it was a
temporary issue with the company proxy server that let me through, but
the inquiries have made me seek a real solution. You can read a fair
and balanced assessment of MS Proxy server here :)
http://toastytech.com/evil/msproxy.html
In short, I don't believe Chrome supports it directly, but you can get
it working by setting up an NTLM proxy server on your local PC and
routing your browser through it.
Here is one way using Dmitry Rozmanov 'NTLM Authorization Proxy
Server'
1. Install Python
2. Read the instructions, then download and install the proxy
software: http://www.geocities.com/rozmanov/ntlm/index.html
3. You will need to edit applications server.cfg with your proxy
server details
4. You may need to edit the .py files to remove some russian
characters that cause the interpretor to vomit (this was on Windows
XP)
5. Start the local proxy server
6. Point your Windows internet config at your local proxy.
7. Start Chrome (or IE, or Safari - all browsers except Firefox will
now be using your local proxy).
Note, you may not get the fastest user experience, but it does seem to
work.
atolk
Sep 4, 2008, 7:11:31 PM9/4/08
to The Java Posse
Thank you for confirming what our local boy wonder figured told me
yesterday. I basically gave up after hearing his workaround
suggestion and the caveat.
He suggested using a different proxy: http://ntlmaps.sourceforge.net/
He also suggested compiling it into an EXE (to speed things up?) I
got stuck on that step. I downloaded (also on his advice) IronPython,
and while I was busy figuring out how to generate an EXE out of the
Python scripts, teh guru e-mailed me the following:
"Doing some more looking around, Chrome seems to be slamming the proxy
server. It keeps trying to open a remote-winsock control channel on
port 1745 with its specified proxy server – and attempts to do so at a
rate of about two attempts per second, as long as the browser remains
open.
This is, in effect, flooding the proxy server, which probably has a
hard limit on the number of allowable open channels from a single
client machine to prevent DoS attacks. So as a result you wind up
effectively DoS’ing yourself.
The reason the Python proxy alleviates the problem is that the Chrome
client begins to slam it instead of the ISA server, and it doesn’t
proxy those remote requests across the wire to the real server.
However, the end result is that your CPU gets pegged at 100% as the
Python script struggles to keep up with the request flood.
This is just miserably poor code on Google’s part – half second
retries for a failed channel are simply beyond the pale in network
programming. Whoever did that should be kicked out on his ass and
never allowed to touch a networked system again."
That's where I got off the Chrome bandwagon.
yesterday. I basically gave up after hearing his workaround
suggestion and the caveat.
He suggested using a different proxy: http://ntlmaps.sourceforge.net/
He also suggested compiling it into an EXE (to speed things up?) I
got stuck on that step. I downloaded (also on his advice) IronPython,
and while I was busy figuring out how to generate an EXE out of the
Python scripts, teh guru e-mailed me the following:
"Doing some more looking around, Chrome seems to be slamming the proxy
server. It keeps trying to open a remote-winsock control channel on
port 1745 with its specified proxy server – and attempts to do so at a
rate of about two attempts per second, as long as the browser remains
open.
This is, in effect, flooding the proxy server, which probably has a
hard limit on the number of allowable open channels from a single
client machine to prevent DoS attacks. So as a result you wind up
effectively DoS’ing yourself.
The reason the Python proxy alleviates the problem is that the Chrome
client begins to slam it instead of the ISA server, and it doesn’t
proxy those remote requests across the wire to the real server.
However, the end result is that your CPU gets pegged at 100% as the
Python script struggles to keep up with the request flood.
This is just miserably poor code on Google’s part – half second
retries for a failed channel are simply beyond the pale in network
programming. Whoever did that should be kicked out on his ass and
never allowed to touch a networked system again."
That's where I got off the Chrome bandwagon.
Reply all
Reply to author
Forward
0 new messages