HTTP 407 & ISA Server & Research

Thiers Botelho thiers at
Wed Nov 19 22:16:09 UTC 2003

Hi all,

Linux newbie here, trying to establish a Fedora test environment within
a hostile corporate Windows environment.

After installing Fedora (dual-boot on my personal W2K box) and seeing
that network was OK, tried to connect to some Web site thru Mozilla
and got

        HTTP 407 Proxy Authentication Required / blah blah / Access to
        Web Proxy service is denied (12209)

Did some googling and found

which let me down right from the start by stating that **authentication
can prove to be quite complex**. But I did understand that the problem
lies with ISA Server and not with Linux/Mozilla.

Talked to both sysadmins here and heard the usual litany. We're a
very small team, no time to fiddle with complex experimental issues,
knowledge for most complex configuration tasks lies with our external
partners, etc. etc.

Some more googling and found

which provide a step-by-step recipe for configuring ISA Server to
authenticate Mozilla. What I could find is that our configuration has
a couple of differences from such proposal:

        - SSL listeners disabled
        - Basic authentication disabled

Back to the admins, learned that ISA configuration was recently changed
experimentally by partners in order to accommodate a new monitoring
package (Websense I believe), so it should _NOT_ be changed. Well, no
real future in following this path. So . . .

Renewed googling and this time got something potentially more interesting:
                (which sometimes works)
                but also on

which is a Python proxy-to-proxy solution which many people swear that
overcomes the auth problems.

Well, now I step back, take a deep breath and try to define what my REAL
problem would be. Let's see:

1. Do I _NEED_ to get Mozilla to authenticate thru ISA ? Not necessarily
if some other browser would do the trick right out of the box. Is there
such a marvel ?         :))

(on a side note, I DO use Opera on Windows box - but only because it can
connect thru **MS Proxy Client**. It will refuse to talk directly to
ISA or MS-Proxy servers). I don't suppose there's a Linux port for this
middleman. recommends using either MS Proxy Client or Rozmanov's
NTLM - see

2. Is my problem restricted to Web browsing ? I'm not sure yet, having
tested only Mozilla, but I suspect that all other apps (up2date included)
won't connect thru ISA either.

3. If no other brilliant suggestion comes up, this overworked newbie
will end up fiddling with Rozmanov's solution and seeing what happens.
At the end of my googling there was standing one last URL -

which pretty much points the way here.

Well . . . this post was started together with my research. Didn't expect
much at the beginning but ended up with some tasty material to bite on.
Now if I could only find the time to test this stuff . . . but seriously,
I'd greatly appreciate some outside validation of these ramblings, as well
as all additional suggestions and comments. Really !!!


Thiers Botelho

More information about the fedora-list mailing list