cancel
Showing results for 
Search instead for 
Did you mean: 

The proxy could not connect to the destination in time error

Hello all

We are an online services developer and not a user of Web Gateway ourselves. One of our large corporate clients does use Web Gateway on their network and when trying to access our online services is receiving the following error message 'The proxy could not connect to the destination in time'. By researching this error on Google we have established it is coming from their McAfee Web Gateway.

We have recently upgraded our solution and introduced two different versions of our client software. We now have a piece of Javascript code that loads first and detects the capabilities of the device accessing our service. Then depending on the result we serve the appropriate version - Silverlight (legacy) or HTML5 (aimed at tablets & mobile devics). Prior to our upgrade, our client was not experiencing this problem - so this tells us that something inside our detection code is where the problem lies!

Here's how it works...

The functionality is contained in a single Javascript file that is loaded by the index HTML when the URL is accessed. There is a test in that file which detects if the query string contains a "silverlight=yes" or"html5=yes" parameter. If either of these conditions is met, then a function is called which loads the appropriate client.

The code that does this looks like this:

// If there is an explicit parameter, use HTML5 orSilverlight

if (param("html5") === "yes" ||param("silverlight") === "yes") {

     if(param("html5") === "yes") {

          launchHTML5(_nc_jsonurl);

     } else {

          launchSL(_nc_bubbleURL);

     }

}

You can see that the functions that get run are called "launchHTML5" and "launchSL" respectively. The problem does not appear when the query string parameters are used, so we can deduce that there is no issue with the "launchHTML5" or "launchSL" functions.

So onwards into or code...

If there is no matching query string, we then call a function to detect if Silverlight is installed:

function gotSilverlight() {

     var sl, result= false;

     if(typeof(window.ActiveXObject) !== "undefined") {

          try{

               sl= new ActiveXObject("AgControl.AgControl");

               result= true;

          }catch (e) {

               //Silverlight not installed.

          }

     } else {

          if(navigator.platform !== "MacPPC" && navigator.platform !=="MacIntel") {

               try{

                   if(navigator.plugins["Silverlight Plug-In"]) {

                        result = true;

                   }

               }catch (e) {

                   //Silverlight not installed.

               }

          }

     }

     return result;

}

It seems that this is the code that is causing the problem - possibly because we are trying to create an ActiveXObject dynamically??

Does anyone have any ideas what is going wrong?

Thanks

Ed






0 Kudos
5 Replies
eelsasser
Level 15

Re: The proxy could not connect to the destination in time error

Do you have a test site we can try that walks through this detection code?

I can't generically say yes or no this is causing the problem.

I'd have to take the whole session in context and look at it end to end.

If we can re-create the conditions, we can probably tell why it's blocking/stripping. Your theory may be accurate about the ActiveX object creation, but it's hard to be definitive.

It could also be something totally different and unexpected, like Sliverlight not honoring proxy settings or authentcation.

Plus, the customer may have additional policy that is also blocking something that we may not be blocking by default.

If you think it's that one particular html page and/or javascript, the customer could always bypass or loosen the scanning of that single URL.

0 Kudos

Re: The proxy could not connect to the destination in time error

Hello eelsasser

Thanks for getting in touch, please try this URL...

http://www.bubl.com/bubble/help

This is representative of what our client is trying to access.

Cheers
Ed

0 Kudos
eelsasser
Level 15

Re: The proxy could not connect to the destination in time error

Which IE, and with or without silverlight?

I get to it with IE10 and silverlight installed.

Capture.png

The detect.js comes to my client intact and is not blocked in any way.

However, to Jon's point, the silverlight app download did take a while (10 seconds) which is ok for me, but you will get a message like that if the response from the web server is dealyed for more than the default of 120 seconds.

0 Kudos
McAfee Employee

Re: The proxy could not connect to the destination in time error

eelsasser wrote:

Which IE, and with or without silverlight?

I get to it with IE10 and silverlight installed.

Capture.png

The detect.js comes to my client intact and is not blocked in any way.

However, to Jon's point, the silverlight app download did take a while (10 seconds) which is ok for me, but you will get a message like that if the response from the web server is dealyed for more than the default of 120 seconds.

to clarify Erik's comment "delayed" meaning no response from the web server for 2 minutes (not a slow connection download of two minutes)

0 Kudos
McAfee Employee

Re: The proxy could not connect to the destination in time error

Hi Ed,

The error you referenced typically has nothing to do with coding (unless perhaps the URL attempting to be reached, is used the the coding).

It indicates there is a problem with the network in some way shape or form. This could be happening because the Web Gateway cannot contact the URL in question, or it could happen because an IPS detected some malicious behavior and blocked the connection midstream.

Do you have any idea of what the URL looks like when it is requested via the javascript?

In the end a tcpdump/network capture would be useful to track this down (from a MWG perspective). To gather this I would suggest having the customer open a SR with support. If they have opened an SR you can post it here and I can reach out to them.

Best,

Jon

edit: looks like others were writing at the same time I was

Message was edited by: jscholte on 7/3/13 11:39:04 AM CDT
0 Kudos