ColdFusion 11 CFHTTP issue with HTTPS and proxy

[hofar...@houseoffusion.com]

Hi all,

I'm working with Adobe support on this issue but I wanted to post it out to this group in case anyone has ideas on how to deal with this situation.

We've got some internal only CF apps that live behind a web proxy on our network. In CF 9 we could make CFHTTP requests to external vendor sites over HTTPS, with the proxy attributes set correctly, everything worked great. Now we're in the process of moving to CF 11 and this no longer works (only with URLs that are accessed over HTTPS, like our payment processor, HTTP requests are fine).

As a test I set up two CFHTTP calls using the same URL, one over HTTP and one over HTTPS. On CF 11 when I use the CFHTTP tag for the HTTP URL (with proxy settings and credentials) I get a 200 OK response and the page contents (perfect). When I try the exact same tag with the HTTPS URL, I get a 407 Proxy Authentication Required (boo).

I've tried different JVMs, different platforms (Windows 7, Server 2012, Mac OS X) with no difference.

What I discovered when I did a packet capture was that for the HTTP request (CF 9 or CF 11) I had a "Proxy-Authorization" header with the credentials Base64 encoded. For the HTTPS request, CF 9 has that same Proxy-Authorization header, but CF 11 does not. In fact there are quite a few request headers missing in the HTTP request for HTTPS in CF 11.

I tried to manually add the header using the CFHTTPPARAM tag which did not seem to change anything.

I've been working with support for about three weeks now and I'm not making any headway. I have confirmed for them that everything works in CF 9 (running on JRun) but not in either CF 10 or CF 11 (which is Tomcat based). So I'm wondering if there's a Tomcat problem, but since the shipped version of Tomcat is Adobe ColdFusion specific I'm hoping that the Adobe engineers can identify a solution.

Has anyone run in to anything like this, and if so, how did you fix it?

Thanks in advance,
Lincoln


Lincoln Milner
Web Technical Lead
Database Services
Donegal Insurance Group
lincol...@donegalgroup.com<mailto:lincol...@donegalgroup.com>


E-MAIL CONFIDENTIALITY NOTICE: This e-mail from Donegal Insurance Group may contain CONFIDENTIAL and legally protected information. If you are not an intended recipient, please do not copy, use or disclose this email or its contents to others; and please notify us by calling toll free (800) 877-0600 x7880 or by replying to this message, and then delete it from your system. Delivery of this email to an unintended recipient is not a waiver of any attorney-client or other applicable privilege.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360443

[hofar...@houseoffusion.com]

I know that ColdFusion uses the Apache HttpClient to do the actual CFHTTP calls and that was upgraded for ColdFusion 11. There have been a few bugs too. I just ran a search in the Adobe bug base for CFHTTP and found proxy bug related to CFHTTP has been reported and verified. https://bugbase.adobe.com/index.cfm?event=bug&id=3935795 I’m not sure if it is related to the issue that you are experiencing, but it could be a new clue.

If what you’re seeing is different then I’d file a bug report.

Regards,
Wil


Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wil...@trunkful.com
www.trunkful.com

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360453

[hofar...@houseoffusion.com]

Thanks, Wil.

I think I have seen that bug before in my research. I do appreciate the point about the Apache HttpClient being the underlying engine in this case. I now have something else to Google to see if anything pops up.

I'm hoping that my support interaction will yield positive results, but putting in a bug report can't hurt, I suppose.

Best,
Lincoln

-----Original Message-----
From: Wil Genovese [mailto:jug...@trunkful.com]
Sent: Friday, April 10, 2015 12:21 PM
To: cf-talk
Subject: Re: ColdFusion 11 CFHTTP issue with HTTPS and proxy


I know that ColdFusion uses the Apache HttpClient to do the actual CFHTTP calls and that was upgraded for ColdFusion 11. There have been a few bugs too. I just ran a search in the Adobe bug base for CFHTTP and found proxy bug related to CFHTTP has been reported and verified. https://bugbase.adobe.com/index.cfm?event=bug&id=3935795 I'm not sure if it is related to the issue that you are experiencing, but it could be a new clue.

If what you're seeing is different then I'd file a bug report.

Regards,
Wil


Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wil...@trunkful.com
www.trunkful.com

> On Apr 10, 2015, at 9:29 AM, Milner, Lincoln <Lincol...@donegalgroup.com> wrote:
>
>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360454

[hofar...@houseoffusion.com]

This Ray Camden blog post may help:

http://www.raymondcamden.com/2014/05/22/Important-note-about-ColdFusion-11-and-CFHTTP

--
Larry C. Lyons
Applications Architect
US Department of the Interior
Office of the Secretary
Office of the Chief Information Officer
--

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360463