HTTP Proxy Authentication From CLI


HTTP Proxies

We deploy a firewall between our internet zones and working zones. This helps segregate possible flawed traffic from testing and keeps possibly harmful traffic from affecting the internet. To access the network from our workstations, we have to authentication through a firewall proxy for port 80 and 443. This box will keep track of our source IP and it’s authentication status. We use timeout rules to prevent wrongfully accessed machines from getting out using any protocol until authenticated.

Servers Don’t Have Browsers?!

Normally, servers deployed in a data center style infrastructure run headless. This means there is no desktop, X-Server, Gnome, or KDE running. Everything you do is via CLI.

The normal process to authenticate to the proxy is to open a browser and access a page that crosses this firewall. The firewall will ask you to log in using WWW-Authenticate. If you don’t have a browser, how could you do this?

Using WGET

Wget is a utility, very similar to cURL, which perform HTTP GET’s by default. Luckily, it has many, many options configurable. Two options will solve our problem include user and password.

These two options will pass a username and password to the WWW-Authenticate headers. This is exactly what we need.

This will display the following output:

Once completed, you can access the internet from your server without the need of a GUI.

Leave a Reply