I’m hoping some benevolent reader out there can give me a hand here as I’m banging my head against the wall with this. The scenario is this:

I have one system that can access a private school network and do not want to setup the same vpn connection on other systems. So this little box has a connection to the school vpn, and I have the following in ~/.ssh/config in order to access it, which forwards locally to the proxy server at the school so I can get onto their internal site(s).

Host school
  Hostname fw.school.com
  User vdanen
  LocalForward 33306 dev.school.com:3306
  LocalForward 2228 dev.school.com:3128
  compression yes 
  KeepAlive yes

And this works fine. This also means I have to ssh into the box (which is good from an authentication standpoint) in order to access any services. Consider this a poor-man’s VPN. Incidentally it also lets me use some GUI mysql tools to access the database.

I want to use an automatic proxy.pac file on my local web server, so I have http://server/proxy.pac that contains:

function FindProxyForURL(url, host)
    if (shExpMatch(url, "http://*.school.com*"))
        return "PROXY localhost:2228; DIRECT";
    if (shExpMatch(url, "https://*.school.com*"))
        return "PROXY localhost:2228; DIRECT";

    return "DIRECT";

The problem I have is that I can get to http://.school.com sites, but https://.school.com sites aren’t hitting the proxy at all. I use OpenDNS at home, so they keep pointing to OpenDNS. I can work around this in Firefox by setting the network.proxy.{http,ssl} and network.proxy.{http,ssl}_port settings in about:config, but I want this to be system-wide (thus the proxy.pac file). On OS X, if I use the System Preferences to have the auto-proxy setup and point it to the proxy.pac file, I can get the http:// sites from the school, but not the https:// ones (which is problematic).

I’ve been looking and reading all over the place and there doesn’t seem to be anyone with this problem that I’ve found so far, which either means I’m doing something wrong or no one is trying to get to https sites via a proxy setup like this. I’m leaning towards wrong as if I do something like:

$ http_proxy="http://localhost:2228" elinks https://secure.school.com

I get an error about the host being down. But if I ssh into the host and do:

$ http_proxy="http://dev.school.com:3128" elinks https://secure.school.com

It works. I don’t get it because localhost:2228 is most definitely forwarding to dev.school.com:3128. Does anyone have any ideas on what might be wrong here? Getting it to work in Firefox is great, but it also needs to work with Safari as well (if it didn’t, I’d be satisfied with the manual settings in Firefox).

Share on: TwitterLinkedIn




Stay in touch