cancel
Showing results for 
Search instead for 
Did you mean: 
jmejia
Level 7

Subversion and McAfee Web Gateway 6.8.7 build 9979

Hello all,

When running svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/FCKeditor from a linux server I get the following from our Web Gateway:

svn: Repository moved permanently to 'http://our.ip.address:9094/transauth?wwid=1311272773&url=http://svn.wikimedia.org/svnroot/mediawiki/... please relocate

I've called support for help on this but am having a hard time finding someone to answer my question. Keep in mind that I'm also assigned to a group pretty much allowed to go anywhere on the net.

If anyone knows how to fix this it would be greatly appreciated.

Thanks

0 Kudos
6 Replies
McAfee Employee

Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

That is the Web Gateway redirecting to the authentication server (hence port 9094).

This is done when a user is not authenticated, we will redirect a user to the auth server. See KB64005 if you would like to exempt a URL/application from authentication.

~Jon

0 Kudos
McAfee Employee

Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

Also, what is the SR # for which you reported this issue?

~jon

0 Kudos
jmejia
Level 7

Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

Thanks for your reply.

Here's the SR# 3-1613028897

So there's two issues at hand here. One that I'm currently working on is this one posted here on this forum for svn. The other issue listed in the SR is using apt-get or aptitude behind the Web Gateway. I do get a ton of latency and sometimes get errors of 'hash mismatch' on packages I pull down from the Ubuntu repos.

With authentication and our gateway configured to authenticate transparently we would only be able to authenticate with machines currently in our domain. Is there a way to pass it credentials over cli? If not, can we skip this process for this machine?

Thanks

0 Kudos
McAfee Employee

Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

Hi again,

Looking at that case I didnt see any mention of the problem mentioned above.

But basically, there is not a way to pass the creds over CLI (easily). As far as skipping authentication, yes that can be done with a simple IP mapping (User Managment > Web Mapping, then put an IP mapping above a group or user mapping).

As far as the apt-get issue, I dont see any data on the case to look through, but in my dealings with it in the past, it will use piplining, which is not enabled by default on the WG. While this may not be the cause of the "hashmistch", perhaps its related.

To enable piplining, see instructions below:

-Enable the Secure Administration Shell under, Configuration > Secure Administration Shell and check the box on the left side.

-In the 'Server Host Keys' section make sure that a RSA key has been generated, if nothing exists under 'Fingerprint' click the 'Generate' button on the right.

***If you would like to restrict access to only the Webwasher you can configure that in the port settings.

-Open up an SSH client such as putty.

-Specify Webwasher's IP address and 9092 as the port.

-Type the following:

get global.ProxyEngine.SupportHTTP11Pipelining

set global.ProxyEngine.SupportHTTP11Pipelining 1

get global.ProxyEngine.SupportHTTP11Pipelining

The Secure Administration Shell allows for command line config changes that otherwise would require a restart of the Webwasher service. For more information type 'help' once logged into the Admin shell. If you do not wish to keep the Secure Admin Shell enabled you can disable it after completing the above command.

~jon

0 Kudos
jmejia
Level 7

Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

Awesome! Thank you very much.

I can configure a web mapping no problem to bypass authentication, cool tip.

What are the drawbacks of me doing the pipelining config? Can I revert those global changes if I need to?

Thanks again Jon

0 Kudos
McAfee Employee

Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

No problems with using pipelining that I know of.

To revert type:

set global.ProxyEngine.SupportHTTP11Pipelining 0

~jon

0 Kudos