5 Replies Latest reply on Jul 3, 2013 4:32 PM by Jon Scholten

    The proxy could not connect to the destination in time error

      Hello all

       

      We are an online services developer and not a user of Web Gateway ourselves. One of our large corporate clients does use Web Gateway on their network and when trying to access our online services is receiving the following error message 'The proxy could not connect to the destination in time'. By researching this error on Google we have established it is coming from their McAfee Web Gateway.

       

      We have recently upgraded our solution and introduced two different versions of our client software. We now have a piece of Javascript code that loads first and detects the capabilities of the device accessing our service. Then depending on the result we serve the appropriate version - Silverlight (legacy) or HTML5 (aimed at tablets & mobile devics). Prior to our upgrade, our client was not experiencing this problem - so this tells us that something inside our detection code is where the problem lies!

       

      Here's how it works...

       

      The functionality is contained in a single Javascript file that is loaded by the index HTML when the URL is accessed. There is a test in that file which detects if the query string contains a "silverlight=yes" or"html5=yes" parameter. If either of these conditions is met, then a function is called which loads the appropriate client.

       

      The code that does this looks like this:

       

      // If there is an explicit parameter, use HTML5 orSilverlight

      if (param("html5") === "yes" ||param("silverlight") === "yes") {

           if(param("html5") === "yes") {

                launchHTML5(_nc_jsonurl);

           } else {

                launchSL(_nc_bubbleURL);

           }

      }

       

      You can see that the functions that get run are called "launchHTML5" and "launchSL" respectively. The problem does not appear when the query string parameters are used, so we can deduce that there is no issue with the "launchHTML5" or "launchSL" functions.

       

      So onwards into or code...

       

      If there is no matching query string, we then call a function to detect if Silverlight is installed:

       

      function gotSilverlight() {

           var sl, result= false;

           if(typeof(window.ActiveXObject) !== "undefined") {

                try{

                     sl= new ActiveXObject("AgControl.AgControl");

                     result= true;

                }catch (e) {

                     //Silverlight not installed.

                }

           } else {

                if(navigator.platform !== "MacPPC" && navigator.platform !=="MacIntel") {

                     try{

                         if(navigator.plugins["Silverlight Plug-In"]) {

                              result = true;

                         }

                     }catch (e) {

                         //Silverlight not installed.

                     }

                }

           }

           return result;

      }

       

      It seems that this is the code that is causing the problem - possibly because we are trying to create an ActiveXObject dynamically??

       

      Does anyone have any ideas what is going wrong?

       

      Thanks

      Ed


       



       


       


        • 1. Re: The proxy could not connect to the destination in time error

          Do you have a test site we can try that walks through this detection code?

          I can't generically say yes or no this is causing the problem.

          I'd have to take the whole session in context and look at it end to end.

          If we can re-create the conditions, we can probably tell why it's blocking/stripping. Your theory may be accurate about the ActiveX object creation, but it's hard to be definitive.

          It could also be something totally different and unexpected, like Sliverlight not honoring proxy settings or authentcation.

           

          Plus, the customer may have additional policy that is also blocking something that we may not be blocking by default.

          If you think it's that one particular html page and/or javascript, the customer could always bypass or loosen the scanning of that single URL.

          • 2. Re: The proxy could not connect to the destination in time error

            Hello eelsasser

             

            Thanks for getting in touch, please try this URL...

             

            http://www.bubl.com/bubble/help

             

            This is representative of what our client is trying to access.

             

            Cheers
            Ed

            • 3. Re: The proxy could not connect to the destination in time error
              Jon Scholten

              Hi Ed,

               

              The error you referenced typically has nothing to do with coding (unless perhaps the URL attempting to be reached, is used the the coding).

               

              It indicates there is a problem with the network in some way shape or form. This could be happening because the Web Gateway cannot contact the URL in question, or it could happen because an IPS detected some malicious behavior and blocked the connection midstream.

               

              Do you have any idea of what the URL looks like when it is requested via the javascript?

               

              In the end a tcpdump/network capture would be useful to track this down (from a MWG perspective). To gather this I would suggest having the customer open a SR with support. If they have opened an SR you can post it here and I can reach out to them.

               

              Best,

              Jon

               

              edit: looks like others were writing at the same time I was

               

              Message was edited by: jscholte on 7/3/13 11:39:04 AM CDT
              • 4. Re: The proxy could not connect to the destination in time error

                Which IE, and with or without silverlight?

                I get to it with IE10 and silverlight installed.

                Capture.png

                 

                The detect.js comes to my client intact and is not blocked in any way.

                 

                However, to Jon's point, the silverlight app download did take a while (10 seconds) which is ok for me, but you will get a message like that if the response from the web server is dealyed for more than the default of 120 seconds.

                • 5. Re: The proxy could not connect to the destination in time error
                  Jon Scholten

                  eelsasser wrote:

                   

                  Which IE, and with or without silverlight?

                  I get to it with IE10 and silverlight installed.

                  Capture.png

                   

                  The detect.js comes to my client intact and is not blocked in any way.

                   

                  However, to Jon's point, the silverlight app download did take a while (10 seconds) which is ok for me, but you will get a message like that if the response from the web server is dealyed for more than the default of 120 seconds.

                   

                  to clarify Erik's comment "delayed" meaning no response from the web server for 2 minutes (not a slow connection download of two minutes)