6 Replies Latest reply on Jul 21, 2011 6:36 PM by Jon Scholten

    Subversion and McAfee Web Gateway 6.8.7 build 9979

      Hello all,


      When running svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/FCKeditor from a linux server I get the following from our Web Gateway:


      svn: Repository moved permanently to 'http://our.ip.address:9094/transauth?wwid=1311272773&url=http://svn.wikimedia.or g/svnroot/mediawiki/trunk/extensions/FCKeditor'; please relocate


      I've called support for help on this but am having a hard time finding someone to answer my question. Keep in mind that I'm also assigned to a group pretty much allowed to go anywhere on the net.


      If anyone knows how to fix this it would be greatly appreciated.



        • 1. Re: Subversion and McAfee Web Gateway 6.8.7 build 9979
          Jon Scholten

          That is the Web Gateway redirecting to the authentication server (hence port 9094).


          This is done when a user is not authenticated, we will redirect a user to the auth server. See KB64005 if you would like to exempt a URL/application from authentication.



          • 2. Re: Subversion and McAfee Web Gateway 6.8.7 build 9979
            Jon Scholten

            Also, what is the SR # for which you reported this issue?



            • 3. Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

              Thanks for your reply.


              Here's the SR# 3-1613028897


              So there's two issues at hand here. One that I'm currently working on is this one posted here on this forum for svn. The other issue listed in the SR is using apt-get or aptitude behind the Web Gateway. I do get a ton of latency and sometimes get errors of 'hash mismatch' on packages I pull down from the Ubuntu repos.


              With authentication and our gateway configured to authenticate transparently we would only be able to authenticate with machines currently in our domain. Is there a way to pass it credentials over cli? If not, can we skip this process for this machine?



              • 4. Re: Subversion and McAfee Web Gateway 6.8.7 build 9979
                Jon Scholten

                Hi again,


                Looking at that case I didnt see any mention of the problem mentioned above.


                But basically, there is not a way to pass the creds over CLI (easily). As far as skipping authentication, yes that can be done with a simple IP mapping (User Managment > Web Mapping, then put an IP mapping above a group or user mapping).


                As far as the apt-get issue, I dont see any data on the case to look through, but in my dealings with it in the past, it will use piplining, which is not enabled by default on the WG. While this may not be the cause of the "hashmistch", perhaps its related.


                To enable piplining, see instructions below:


                -Enable the Secure Administration Shell under, Configuration > Secure Administration Shell and check the box on the left side.

                -In the 'Server Host Keys' section make sure that a RSA key has been generated, if nothing exists under 'Fingerprint' click the 'Generate' button on the right.

                ***If you would like to restrict access to only the Webwasher you can configure that in the port settings.

                -Open up an SSH client such as putty.

                -Specify Webwasher's IP address and 9092 as the port.

                -Type the following:

                get global.ProxyEngine.SupportHTTP11Pipelining

                set global.ProxyEngine.SupportHTTP11Pipelining 1

                get global.ProxyEngine.SupportHTTP11Pipelining


                The Secure Administration Shell allows for command line config changes that otherwise would require a restart of the Webwasher service. For more information type 'help' once logged into the Admin shell. If you do not wish to keep the Secure Admin Shell enabled you can disable it after completing the above command.



                • 5. Re: Subversion and McAfee Web Gateway 6.8.7 build 9979

                  Awesome! Thank you very much.


                  I can configure a web mapping no problem to bypass authentication, cool tip.


                  What are the drawbacks of me doing the pipelining config? Can I revert those global changes if I need to?


                  Thanks again Jon

                  • 6. Re: Subversion and McAfee Web Gateway 6.8.7 build 9979
                    Jon Scholten

                    No problems with using pipelining that I know of.


                    To revert type:

                    set global.ProxyEngine.SupportHTTP11Pipelining 0