REQUEST DOCUMENT with Proxy

We are attempting to access the web from NAT 4.2.4 PL1 on a mainframe. We can see internal services but as soon as we need to go outside, we hit proxy problems. We cannot figure out how to log on to the proxy server so we can get out.
We have tried logging on with various credentials:
REQUEST DOCUMENT FROM #alice-uri
WITH
HEADER
NAME 'Proxy-Authorization' VALUE #credentials
RETURN
HEADER ALL #HDR
PAGE #A
ENCODED IN CODEPAGE 'UTF-8'
RESPONSE #RESP

Where #alice-uri is “http://IP of our proxy:port” and #credentials is “userid,password”.

This gets HTTP 400, bad request, from Alice.

We have also tried just going to a web site with the user and password in the header:
#XMLURI := 'HTTP://www.imrf.org'

* request the html page
REQUEST DOCUMENT FROM #XMLURI
WITH USER 'andy-e'
PASSWORD #password
RETURN
PAGE XMLDATA ENCODED CODEPAGE ' '
RESPONSE #RC

This gets HTTP 403 from Alice (our proxy server)

Does anyone else have this working? Cross-posting on SAG-L

What is your XML parameter (either dynamically or in NATPARM) set to? Do you have RDP, RDPPORT and RDNOP set?

Also, have you tried:

 
REQUEST DOCUMENT FROM #XMLURI
WITH HEADER
   NAME 'Proxy-Authorization' VALUE #credentials
RETURN
  PAGE XMLDATA ENCODED CODEPAGE ' '
  RESPONSE #RC 

If you look at my example, yes, we tried that format of RD several times and several ways calling the proxy directly with credentials.

This is how I’m starting NATURAL under CICS:
natl XML=(ON,RDP='10.50.1.2',RDPPORT=8080,RDNOP='*.imrf.org',RDOC=ON,PARSE=ON)

Yes, but your examples don’t show calling the external address with Proxy-Authorization header. Your RDNOP will exclude passing addresses to *.imrf.org by the proxy server, so if your “external” address is “www.imrf.org”, then your RDNOP says not to send it via the proxy server.

With sites specified by RDNOP, you shouldn’t have to log on to the proxy server; to get to other sites (not included in the RDNOP mask) you will have to use Proxy-Authorization. If you have to log on to the proxy server in all cases, then don’t specify RDNOP.

Except it doesn’t. If I have the RDNOP stuff specified, I can’t access anything without authenticating against the proxy.
It did not occur to me to combine the header information into one call. I did and now I get a 407:
#RESP: 407
#HDR: HTTP/1.0 407 Proxy Authentication Required?Server: Squid/2.4.STABLE6?
Mime-Version: 1.0?Date: Fri, 18 Apr 2008 21:37:58 GMT?Content-Type: text/html?
Content-Length: 955?Expires: Fri, 18 Apr 2008 21:37:58 GMT?X-Squid-Error: ERR_
CACHE_ACCESS_DENIED 0?Proxy-Authenticate: Basic realm="Squid proxy-caching web
server"?X-Cache: MISS from alice.imrf.org?Proxy-Connection: close??

?ERROR: Cache Access Denied???
ERROR
Cache Access Denied
?While trying to retrieve the URL:?http://www.aje826.net?
?The following error was encountered:?
??Cache Access Denied.?</

THIS IS THE CODE:

* build authentication information
compress 'andy-e,' #password into #credentials leaving no space
**
REQUEST DOCUMENT FROM #URI
WITH
HEADER
NAME 'Proxy-Authorization' VALUE #credentials
NAME 'Request-Method' VALUE 'POST'
DATA
NAME 'StockSymbol' VALUE 'MSFT'
NAME 'LicenseKey' VALUE '0'
RETURN
HEADER ALL #HDR
PAGE #A
ENCODED IN CODEPAGE 'ISO-8859-1'
RESPONSE #RESP

Hmm - just to cross off the obvious item: the password is probably case sensitive, so you are inputting it in lower case, yes?

Since you are now getting a response from the proxy server, can you check on the proxy logs to see why it didn’t let you through?

Also - try a colon “:” as the credentials separator (between userid and password) instead of a comma.
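
An added example, not part of any post in this thread: the 407 response above advertises the Basic scheme, for which RFC 7617 defines the header value as the word Basic, a space, and the base64 encoding of userid:password. The Python below is used only for illustration; the header sample is trimmed from the dump above and the password is a constructed placeholder. It parses the challenge and builds the string that would be placed in #credentials.

```python
import base64
import re

# Trimmed from the #HDR dump posted above; '?' is how the dump shows line breaks.
SAMPLE_HDR = ('HTTP/1.0 407 Proxy Authentication Required?Server: Squid/2.4.STABLE6?'
              'Proxy-Authenticate: Basic realm="Squid proxy-caching web server"?'
              'X-Cache: MISS from alice.imrf.org?Proxy-Connection: close??')


def parse_challenge(hdr_dump, sep='?'):
    """Return (scheme, realm) from the Proxy-Authenticate line, or (None, None)."""
    for line in hdr_dump.split(sep):
        name, _, value = line.partition(':')
        if name.strip().lower() == 'proxy-authenticate':
            scheme, _, params = value.strip().partition(' ')
            m = re.search(r'realm="([^"]*)"', params)
            return scheme, (m.group(1) if m else None)
    return None, None


def basic_proxy_credentials(userid, password):
    """Build the Proxy-Authorization value for the Basic scheme (RFC 7617)."""
    if ':' in userid:
        # The first colon separates userid from password, so the userid cannot hold one.
        raise ValueError('userid must not contain a colon')
    raw = f'{userid}:{password}'.encode('utf-8')
    # base64 is an encoding, not encryption: on a plain HTTP hop to the proxy
    # the credentials are readable by anyone who can capture the traffic.
    return 'Basic ' + base64.b64encode(raw).decode('ascii')


def credentials_for(hdr_dump, userid, password):
    """Answer the proxy's challenge only if it asks for Basic."""
    scheme, _realm = parse_challenge(hdr_dump)
    if scheme is None:
        raise ValueError('no Proxy-Authenticate challenge in the response')
    if scheme.lower() != 'basic':
        raise NotImplementedError(f'proxy asks for {scheme}, not Basic')
    return basic_proxy_credentials(userid, password)


if __name__ == '__main__':
    print(parse_challenge(SAMPLE_HDR))
    # 'example-password' is a constructed placeholder, not a value from the thread.
    print(credentials_for(SAMPLE_HDR, 'andy-e', 'example-password'))
```
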

We tried to capture some information in the proxy logs but couldn’t find anything. I’m not sure why. I think they have some of the logging turned off. I got sidetracked by NATURAL for Eclipse so I haven’t been pressing this one. The person I need to get involved is busy through next week so I’m thinking right after Memorial Day we’ll be trying this again.
Thanks…