Send / Receive with firewalls

Got the dreaded “HTTP Error 400: Bad Request” while doing Send/Receive? Are you in an office or campus environment with an IT department?  It’s likely that there is a firewall blocking you, and you’ll need to talk to the IT folks.

There are two options, one local to the client machine and the other on the ip cop box itself:

But first an explanation of the underlying issue.  When mercurial sends some of its data it can result in a long GET request.  Some proxies / content filters can’t deal with this and then truncate the request.  When this is delivered to the server the request doesn’t make sense anymore (at the http level) so the error code 400 is returned.  This basically means ‘that didn’t make sense’.  It’s not a server down response.  So, one solution is to by pass the filter for this domain by telling mercurial to use the proxy directly, the other is to modify the ip cop box to not use the proxy / filter for this domain.

Option 1: Local to the client machine

If you have an IPCop box in your setup and perhaps a wireless router in your network setup and the IPCop box is using squid and dansguardian then you will need to manually set the proxy that chorus / mercurial uses for send / receive

The file to edit is in the <your wesay project folder>\.hg folder.  It is called hgrc.  You can edit that with notepad.

[http_proxy]
host=<IP Address of IPCop Box>:8080

Maybe there is an IT person that helps with networking?  Perhaps they could help you with this.


Option 2: The IP Cop Box

Your IT person they might be interested in this:

In ipcop, you’d need to edit the “/etc/rc.d/rc.firewall.local”

file and add some new rules.


At the bottom of the "start" section (i.e. these should be the last


rules in the "start" section) you need to add:




/sbin/iptables -I FORWARD -i $GREEN_DEV -d hg.palaso.org


 -p tcp --dport 80 -j ACCEPT


/sbin/iptables -t nat -I PREROUTING -i $GREEN_DEV


 -d hg.palaso.org -p tcp --dport 80 -j ACCEPT




Then at the bottom of the "stop" section, you'll need to add:




/sbin/iptables -D FORWARD -i $GREEN_DEV  -d hg.palaso.org


 -p tcp --dport 80 -j ACCEPT


/sbin/iptables -t nat -D PREROUTING -i $GREEN_DEV


 -d hg.palaso.org -p tcp --dport 80 -j ACCEPT




This assumes that the network is being NATed to the GREEN network on


ipcop.  If it’s going to the BLUE or ORANGE, you’d need to change the


"$GREEN_DEV" to be the appropriate network.




This will stop ipcop from transparently proxying http requests to


"hg.palaso.org".  Then hg works as expected.

 

								



  		
		

	

			

		
		
				
	
		



		

 



    








 















	
© 2011 palaso.org 

	Powered by Wordpress. Design by Luka Cvrk, Wordpressed by EGO.