Hi...I'm in need of masking sensitive data being displayed in my companies web site.I've gone through many proxies but many are not supporting https and ftp protocols which i really require because my company's web site is an secured site....
For example
i need <html><b>SSN</b></html> should be masked with<html><b>XXX</b></html>
Please do help me in this issue....Any help would be greatly appreciated.
Hi Rahul,
Thanks for your input. I have gone through the SJSwebproxy.
But the problem is, it only filters the content which has been included within
the html tags...For ex
<html>
<input type="text" name="text1" value="ssn">
</html>
we can change the value="ssn" to value="xxx" using this Proxy...
But unfortunately with none of this proxy servers you can edit static html text content
As i have described in my previous post, I just want to filter like this
<html>
<h1>Hai</h1>
</html>
to
<html>
<h1>xxx</h1>
</html>
Since, all the web proxy servers allow the content editing only if the
content to be edited present within a HTML ATTRIBUTE
for ex,,,<font color="RED">hai</font>
you can change this content as <font color="XXX">hai</font>, because
color is an attribute. But since hai is not an attribute, i
can't able to mask hai to xxx...
Please do help he in this issue...Looking forward to read from you....
Hi Rahul.....
I have gone through the link you gave me and tried it out. But
whatever said in the document applies only for the re-writing of URL's,
not the contents within the HTML generated source.Could you please understand my requirement?.If i get a quick follow-up, it would be grateful.
Thanks and Regards,
Chenthil Natarajan.
Hi Rahul,
I have been struck up with a serious problem.I've been
working with Sun Java Proxy Server in my home machine which has
Windows XP as it's OS.It's working fine.But when i tried to install in
my office machine,It's showing Http 500 Internal Server Error
I could be even get into the Admin Console.When i tried to go with the url, http://chenthil:8081/, it's asking for user creditionals,
after supplying the login information, it's just taking me to the Error page
Http 500 Internal Server Error(The page cannot be displayed) instead of getting into the Admin console.I have tried many times by uninstalling and reinstalling the software,but
it's not working.Same problem persists in my colleague's office machine.
Interesting thing is, for myself's & my colleague's home PCs,
it's just working fine.I'm feeling weird.Please do help me to get rid of this
problem ASAP.
Thanks and Regards,
Chenthil Natarajan
Here is the Error Message:
[22/Nov/2006:20:51:36] failure ( 2700): for host 114.9.140.140 trying to GET /proxy-admserv/bin/index, cgi_scan_headers reports: HTTP4044: the CGI program C:\Sun\ProxyServer40\bin\proxy\admin\bin\index.exe did not produce a valid header (program terminated without a valid CGI header. Check for core dump or other abnormal termination)\
Please Note: By default my company machines are pointing to another proxy server,listens in the port 80.
Please Help,
Thanks and Regards,
Chenthil Natarajan
Can you check this out?
check if any of the nspr related dlls are there in the system32 directory in the windows in your office,.
libnspr*.dll
libplc*.dll
nss*.dll
If it is there, carefully back them up, and remove them from the system32. (waiting for your input.)
In my system32 folder, i found two files with the names specified by you.They are, libnspr4.dll and libplc4.dll. No other file with nss*.dll is found.
I've created a backup for those two files and removed the files from my system.
I've restarted my system and still the problem persists.Please help...
Thanks,
Chenthil.
can you copy these two files (the ones you removed from system32) from the bin/proxy/bin directory and place into the system32 directory? and try again?
Also can you check if there is any kind of popup in the proxy machine. Check the event logs also for any logs produced by the proxy.
If it does not work, we will have to check the 'dll depends' on the index.exe for any unresolved dependencies.
Hi Rahul.
Thank you very much for your timely help.It's now working fine.I haven't deleted nss3.dll and libnspr21.dll that leads to the problem.Now I've deleted it after taking the backup.It's working fine and i can able to get the admin console.
Will it make any negative impact ( deletion of the dll files) with normal system functioning?.Please let me now.
Thank you
Thanks and Regards,
Chenthil Natarajan.
Can you cat your obj.conf here?
I assume you are trying to do
(webserver) <-https->(reverseproxy)<-http->client
In this case you should not have a problem with changing the content.
but if your configuration is a normal proxy, then you are tunnelling the ssl traffic, and you will not be able to do it since the traffic is encrypted and the proxy does not have the key to decrypt the traffic.
This is my obj.conf file
You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
# Use only forward slashes in pathnames--backslashes can cause
# problems. See the documentation for more information.
Init fn="flex-init" access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->vars.p2c-cl% %Req->vars.remote-status% %Req->vars.r2p-cl% %Req->headers.content-length% %Req->vars.p2r-cl% %Req->vars.c2p-hl% %Req->vars.p2c-hl% %Req->vars.p2r-hl% %Req->vars.r2p-hl% %Req->vars.xfer-time%"
Init fn="init-proxy" timeout="300" timeout-2="15"
<Object name="default">
AuthTrans fn="match-browser" browser=".*MSIE.*" ssl-unclean-shutdown="true"
NameTrans fn="reverse-map" from="https://*.verizon.com" to="http://CINTNCHEALP0222.vdsi.ent.verizon.com:8080" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="map" from="http://CINTNCHEALP0222.vdsi.ent.verizon.com:8080" to="https://*.verizon.com" rewrite-host="true"
NameTrans fn="map" from="/" to="https://*.verizon.com" rewrite-host="true"
PathCheck fn="url-check"
ObjectType fn="block-ip"
Service fn="deny-service"
AddLog fn="flex-log" name="access"
Output fn="insert-filter" filter="content-rewrite" from="VDSI" to="Chen" type="text/*"
Output fn="insert-filter" filter="content-rewrite" from="Musical" to="xxx" type="text/*"
Output fn="insert-filter" filter="content-rewrite" from="Nite" to="day" type="text/*"
Output fn="insert-filter" filter="content-rewrite" from="Password" to="aaa" type="text/*"
Output fn="insert-filter" filter="content-rewrite" from="Residential" to="Chenthil" type="text/*"
Output fn="insert-filter" filter="content-rewrite" from="Use" to="ccc" type="text/*"
Output fn="insert-filter" filter="content-rewrite" from="Small" to="Large" type="text/*"
</Object>
<Object name="file">
PathCheck fn="nt-uri-clean"
PathCheck fn="find-index" index-names="index.html"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service fn="send-file"
Filter fn="filter-ct" regexp="(text/html|text/plain)"
</Object>
<Object ppath="VDSI">
Filter fn="filter-ct" regexp="(text/css|text/html|text/plain|text/richtext)"
</Object>
<Object ppath="ftp://.*">
ObjectType fn="cache-enable" query-maxlen="10" log-report="off"
ObjectType fn="cache-setting" lm-factor="0.10" max-uncheck="7200"
Service fn="proxy-retrieve"
</Object>
<Object ppath="http://.*">
ObjectType fn="cache-enable" query-maxlen="10" log-report="off"
ObjectType fn="cache-setting" lm-factor="0.10" max-uncheck="7200"
Service fn="proxy-retrieve" method="*"
</Object>
<Object ppath="https://.*">
Service fn="proxy-retrieve"
</Object>
<Object ppath="gopher://.*">
ObjectType fn="cache-enable" query-maxlen="10" log-report="off"
ObjectType fn="cache-setting" lm-factor="0.10" max-uncheck="7200"
Service fn="proxy-retrieve"
</Object>
<Object ppath="connect://.*:443">
Service fn="connect" method="CONNECT"
</Object>
<Object ppath="connect://.*:563">
Service fn="connect" method="CONNECT"
</Object>
<Object name="Hai">
</Object>
This is Chenthil Natarajan. Here we formed a team for Data Masking. Our objective is to mask sensitive data being displayed in the Indian browsers. US network is blessed from masking.
We are having a proxy in the US dedicated for Indian Access. Blue Coat Proxy server is running on it. It does the web filtering/Grant & Revoke access to sites etc. We had gone through a complete set of 15 proxies for data masking and Blue Coat is one of that proxies.
Many of the proxies we evaluated are capable of masking data in the format we want. The main problem is, in our company, the to-be-implemented proxy should support the traffic of 10000 concurrent users.
Our main goal is to block the sensitive data being displayed in India. Web content filtering, web sensing and site blocking has been already working with Blue Coat. The to-be-implemented proxy should be chained with the Blue Coat.
We have tested Sun Java Proxy and it is working fine with HTTP. We want to ensure whether the Sun Java Proxy Server 4.0 supports the NETWORK TRAFFIC OF 10000 USERS WITH ALL THE FILETERING TURNED ON.
Therefore, we are looking for setting up a conference call with you wherein we want to discuss its performance, support to act as a proxy, extensibility and other related issues. Since there will be a full week-off in US next week, we like to set up a call this week.
Please do mention me whom we have to contact for setting up the call. Please do reply me as soon as possible.
Hi,
I want to know regrular expression support is there in sun java web proxy server.Becuase when i try this in obj.conf file it works,
Output-fn="insert-filter" filter="content-rewrite" from="NILA2" to="XXX"
type="text/*"
But when i this using regular expression
Output-fn="insert-filter" filter="content-rewrite" from="N*.2" to="XXX"
type="text/*"
it is not working.Please help me asap.
Thanks and Regards,
Chenthil Natarajan
