Author Topic: Manual SSL proxy setting?  (Read 11438 times)

0 Members and 1 Guest are viewing this topic.

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Manual SSL proxy setting?
« on: July 19, 2009, 08:35:51 PM »
Ever since I upgraded from dialup to DSL a couple of years or so ago, I'd been getting fairly long "Looking up ..." delays, which became much worse when Firefox 3.5 was finalized.  Someone here was kind enough to recommend using the manual HTTP proxy setting (localhost, port 12080) rather than auto-lookup, and that made a huge improvement on ordinary sites to the point where I almost never see "looking up" any more.

I'm still getting some lookup delays when accessing secure sites, though not as bad as before.  Is there an equivalent manual setting for the SSL proxy, or is it more likely that the delay is simply from certificate checking and therefore unavoidable?
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Manual SSL proxy setting?
« Reply #1 on: July 19, 2009, 08:57:07 PM »
Sorry Mike. I do not know about SSL proxies.
Anyway, did you configure webshield accordingly to scan at 12080?
The best things in life are free.

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re: Manual SSL proxy setting?
« Reply #2 on: July 19, 2009, 09:20:25 PM »
Hi Tech,

I'm not clear what configuration you're referring to.  If I look at the setup screen (front tab) of the web shield, it shows redirected port as 80, which is probably the default and I imagine what it should be.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Manual SSL proxy setting?
« Reply #3 on: July 19, 2009, 09:24:35 PM »
Hi Tech,

I'm not clear what configuration you're referring to.  If I look at the setup screen (front tab) of the web shield, it shows redirected port as 80, which is probably the default and I imagine what it should be.
Well, if you set a proxy to 12080, you need to add this port in that webshild configuration to scan the http traffic to the port 12080, otherwise, you're unprotected. You need to uncheck the "Ignore local communication" also.
The best things in life are free.

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re: Manual SSL proxy setting?
« Reply #4 on: July 20, 2009, 12:32:26 AM »
OK, now I'm totally confused -- or maybe we both are.   :-\  With Firefox set to that manual HTTP proxy, and avast web shield showing only port 80 on that redirect line, the web shield is showing a more or less proper count of items scanned.  ???

I did untick that "ignore local" box, for whatever difference that makes.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Manual SSL proxy setting?
« Reply #5 on: July 20, 2009, 01:45:02 AM »
Sorry Mike, but what SSL Proxy are you talking about ?
So can you explain exactly what it is you want to do and why it is necessary ?

For a start avast can't scan SSL secure connections, so there is little point in even trying to get it to work.

Don't add 12080 to the web shield port redirections as it would then be an evil circle and you will disappear up your own orifice as avast redirects port 80 to localhost port 12080, so if you add that to the redirects it will just go round in circles.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re: Manual SSL proxy setting?
« Reply #6 on: July 20, 2009, 06:11:36 AM »
Hi David,

Taking your last paragraph first -- OK, sounds like we agree that my web shield setting is just fine "out of the box".

Guess I've confused you a little (or more) regarding what changes I've made where and why.  It seems like the fairly new final release of Firefox 3.5 made some changes whereby (in my XP, at least) it's been having noticeable problems with avast's "transparent" proxy setup.  I found that changing the proxy setting in Firefox's options (advanced/network/connections) from auto-detect (or no proxy, not much difference in behavior between those two) to HTTP 127.0.0.1 port 1280 made a huge improvement in connection speed when going from site to site.

I'm still getting noticeable "looking up" delays when accessing HTTPS addresses, and my son agrees that it could be one or more of SSL proxy settings, certificate checking, or even just inherent in the encryption-decryption process.  Since giving Firefox a specific HTTP proxy setting made such a big difference accessing "normal" sites, I couldn't help wondering if something similar for the SSL proxy would help with secure sites. (There's also FTP, Gopher, and SOCKS proxy options in Firefox, but I can't see any need to touch those.)

Clear as mud, as usual?

(Edit) I posted this in the avast-4 forum since it seems to relate at least hazily to the way avast sets up proxies.  But since Firefox is the only thing that's needed changed (IE8 works just fine for me with no-proxy or auto-detect settings), it might more properly belong in General Topics.  I'll leave that coin-toss up to the mods.

« Last Edit: July 20, 2009, 06:18:19 AM by MikeBCda »
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Manual SSL proxy setting?
« Reply #7 on: July 20, 2009, 02:51:40 PM »
Don't add 12080 to the web shield port redirections as it would then be an evil circle and you will disappear up your own orifice as avast redirects port 80 to localhost port 12080, so if you add that to the redirects it will just go round in circles.
Hmmm... seems I said something wrong... I do not understand these things very much. David, can you explain more about the redirection?
If the browser listen at port 12080, shouldn't it be added to WebShield settings in order to be scanned? ???
The best things in life are free.

fblais

  • Guest
Re: Manual SSL proxy setting?
« Reply #8 on: July 20, 2009, 04:02:31 PM »
Mike, if you se the GoogleBar in FF, I suggest you disable it.
I was using the GoogleBar Lite (a third-party Googlebar) and it was also slowing FF 3.5 a lot here!
(as strange as it may seem)
Alternatively, restart FF in Safe mode (there's a link for that in the program folder) and see if the speed is back to normal.
If that's the case, restart FF normally, and disable all the extensions.
Restart again and re-enable them one at a time to see which one is the culprit.
That's how I discovered the problem with GoogleBar Lite...

Regards!
François

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Manual SSL proxy setting?
« Reply #9 on: July 20, 2009, 05:01:05 PM »
Taking your last paragraph first -- OK, sounds like we agree that my web shield setting is just fine "out of the box".

Guess I've confused you a little (or more) regarding what changes I've made where and why.  It seems like the fairly new final release of Firefox 3.5 made some changes whereby (in my XP, at least) it's been having noticeable problems with avast's "transparent" proxy setup.  I found that changing the proxy setting in Firefox's options (advanced/network/connections) from auto-detect (or no proxy, not much difference in behavior between those two) to HTTP 127.0.0.1 port 1280 made a huge improvement in connection speed when going from site to site.

Nothing in the FF 3.5.0 or 3.5.1 effects the web shield proxy on my system and everything (web shield and firefox) are at default settings, see image1. However there are many people reporting connection problems with this 3.5 update and Mozilla are supposed to be working on it. It was hoped that the latest update 3.5.1 would address this but it looks like this was rushed out to close a possible security issue and the next update (3.5.2) is likely to address these connection issues.

You also made a mistake in your setting of the localhost proxy in firefox, it should have been 127.0.0.1 port 12080 (you missed a zero) the web shield proxy port. So effectively the web shield isn't scanning your http traffic (you can check that in the web shield detailed view) as you have set the browser to use port 1280 and avast isn't monitoring that port.

I'm still getting noticeable "looking up" delays when accessing HTTPS addresses, and my son agrees that it could be one or more of SSL proxy settings, certificate checking, or even just inherent in the encryption-decryption process.  Since giving Firefox a specific HTTP proxy setting made such a big difference accessing "normal" sites, I couldn't help wondering if something similar for the SSL proxy would help with secure sites. (There's also FTP, Gopher, and SOCKS proxy options in Firefox, but I can't see any need to touch those.)
Clear as mud, as usual?

I'm confused by what you actually mean by look-up delays as to me that means DNS look-up converting a domain name to an IP address. Do you mean slow page loading ?

avast doesn't monitor https traffic 'as it can't' so it shouldn't have any impact on https traffic. So you shouldn't set an SSL (HTTPS) proxy.

(Edit) I posted this in the avast-4 forum since it seems to relate at least hazily to the way avast sets up proxies.  But since Firefox is the only thing that's needed changed (IE8 works just fine for me with no-proxy or auto-detect settings), it might more properly belong in General Topics.  I'll leave that coin-toss up to the mods.

So for me set both firefox 3.5.1 and the web shield back to their default settings. Also check the Program Settings, Update (Connections) set the 'My computer is permanently connected to the Internet, and uncheck the one for dial-up. Click the Proxy button and set that to No Proxy.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Manual SSL proxy setting?
« Reply #10 on: July 20, 2009, 05:12:12 PM »
Don't add 12080 to the web shield port redirections as it would then be an evil circle and you will disappear up your own orifice as avast redirects port 80 to localhost port 12080, so if you add that to the redirects it will just go round in circles.
Hmmm... seems I said something wrong... I do not understand these things very much. David, can you explain more about the redirection?
If the browser listen at port 12080, shouldn't it be added to WebShield settings in order to be scanned? ???

If you set the browser to use 127.0.0.1 and port 12080 as used to be the case with unsupported browsers (or old OSes), then you deleted port 80 as the redirect port and unchecked the 'ignore local communication,' but you didn't add port 12080 as avasts localhost proxy is transparent and as such is already set-up.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re: Manual SSL proxy setting?
« Reply #11 on: July 20, 2009, 06:56:24 PM »
You also made a mistake in your setting of the localhost proxy in firefox, it should have been 127.0.0.1 port 12080 (you missed a zero) the web shield proxy port.
Oops, typo when posting -- I do have the port setting at 12080.  :-[

The lookup delay I'd mentioned is when FF displays "looking up ...." in the status bar after I've clicked a link, either on a webpage or from my bookmarks.  Like you, I assumed it meant a DNS lookup, but my son thinks that if the browser's proxy setting is to "auto-detect", it has to look up what the proxy is for each new link and "looking up" could also mean that.

Whatever the problem is, it's gotta be in the new FF rather than anywhere else ... as I'd mentioned, if I got disgusted enough to try with IE8 instead, that went smooth and quick without having to touch its proxy settings.

Since the manual proxy settings for FF do make a huge difference, I guess at this point there's nothing more to do but leave those as-is and wait for Mozilla to work it out at their end and do a proper repair.  Don't know if Tech's suggestion about unticking "ignore local connections" makes any difference (doesn't seem to, going by what the web shield's showing as having scanned), but I'll leave that for now too.

Thanks for all the help.  Oh, almost missed the one from Francois -- I refuse to touch any 3rd-party toolbars, and try to keep even the "native" ones to rock-bottom minimum, but thanks for pointing out that's a possible contribution to the problem.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Manual SSL proxy setting?
« Reply #12 on: July 20, 2009, 07:43:30 PM »
Before the browser starts to load the page the DNS look-up has already happened as without it nothing can happen, so this is a page loading delay/hiccup.

The auto detect is actually as far as I'm concerned is fine as a default option as when installed avast won't know if you have a proxy or not, but when installed I believe it should be set to the specific option.

The problem with the manual settings is we can't see how you have set it up both in firefox and the web shield as potentially it would mean the web shield isn't monitoring the traffic which could have a 'slight' speed increase as there shouldn't be that great a difference with the web shield on or off.

I do believe this is related to the new firefox as there are many suffering similar problems, hopefully it won't take long to resolve for you, as for me the new firefox is much faster at page loading.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Manual SSL proxy setting?
« Reply #13 on: July 20, 2009, 08:57:50 PM »
Don't add 12080 to the web shield port redirections as it would then be an evil circle and you will disappear up your own orifice as avast redirects port 80 to localhost port 12080, so if you add that to the redirects it will just go round in circles.
David, can you explain what you mean? I don't understand  :-[
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Manual SSL proxy setting?
« Reply #14 on: July 20, 2009, 09:09:00 PM »
We never needed to add 12080 to the redirected ports in avast when we manually set the browser to use the avast proxy.

Commonly this manual setting of the browser connection settings to use the avast proxy was only need to be done with older OSes (win9x/ME).

So if you set the browser to use port 12080 and you set the web shield redirect port 12080 where is the web shield going to redirect 12080 to, why to port 12080 so you now have a neat circle. So you are setting the browser to use the web shield proxy and having the web shield redirect port 12080 (the web shield proxy) to the web shield proxy.
« Last Edit: July 20, 2009, 09:13:02 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security