13

There's another question that answers this though it doesn't specify anything regarding proxy authentication.

Its solution is

(setq url-proxy-services '(("no_proxy" . "work\\.com")
                           ("http" . "proxy.work.com:911")))
Community
  • 1
  • 1
Pedro Rolo
  • 28,273
  • 12
  • 60
  • 94

5 Answers5

12

Nowadays, my approach to the "authenticated proxy problem" is to use CNTLM. It is portable, quite easy to configure and may be run as deamon.

Pedro Rolo
  • 28,273
  • 12
  • 60
  • 94
  • CNTLM has completely bypassed all of my previous http tunnel issues -- I have no complaints about it whatsoever. (On an authenticated proxy too) – Tim S. Nov 18 '14 at 15:52
  • After struggling with all proxy configurations I could find, I have to say tools such as `CNTLM`, `proxychains` are the best solution so far. I really hope something could be done to make a unique working proxy setting in emacs. – squid Nov 26 '15 at 06:22
  • doesn't cntlm need to control the ports? In which case it won't run in a corporate environment where the workstation is running a corporate firewall. – Adam Jan 08 '18 at 13:56
7

I get authorization working without user interaction by:

(setq url-proxy-services
   '(("no_proxy" . "^\\(localhost\\|10.*\\)")
     ("http" . "proxy.com:8080")
     ("https" . "proxy.com:8080")))

(setq url-http-proxy-basic-auth-storage
    (list (list "proxy.com:8080"
                (cons "Input your LDAP UID !"
                      (base64-encode-string "LOGIN:PASSWORD")))))

This work for Emacs 24.3. It based on non-public API tricks, so might not work in anther Emacs versions...

Replace LOGIN and PASSWORD with your auth info...

gavenkoa
  • 45,285
  • 19
  • 251
  • 303
  • Works great. I wonder if there is a way to get it to ask for my password. – M Smith Oct 10 '13 at 21:28
  • If I remember proper it ask about password if you only set `url-proxy-services`. In Emacs 24.x – gavenkoa Oct 11 '13 at 07:56
  • 1
    Oh, man! I even want to donate you! I sit behind corporete firewall, and couldn't access to mepla, but now this solution works! – Andrew Jan 15 '15 at 09:39
  • 1
    Also have a look at the emacs auth-source library which is part of emacs. It allows you to define a .authinfo.gpg file where you can specify protocols and addresses and the login/password. On the first attempt to access the resource with the specified protocol, emacs will prompt for your gpg key, which is used to open your authinfo file. From that point on, it will use the info in this file until you quit your session. Means you don't need to provide the password every time and as the passwords are protected by gpg, you can be failry confident they are secure – Tim X Nov 24 '15 at 00:38
  • 1
    @Tim I use `~/.authinfo` (same as `~/.netrc`) for Gnus, but don't known that Emacs may use `~/.authinfo` as auth storage for HTTP proxy. Is that true? – gavenkoa Nov 24 '15 at 08:06
  • how to fill the "LOGIN:PASSWORD" for an un-authencated proxy? – squid Nov 24 '15 at 15:38
  • @squid Simply don't use `url-http-proxy-basic-auth-storage`, or don't provide entry to your `proxy.com:8080`! – gavenkoa Nov 24 '15 at 15:54
  • 1
    @gavenkoa it will depend on the emacs library/mode you are using. For example, it hsould work for those emacs modes which use libraries that are auth-source aware. However, it probably won't work for something which just puts an elisp wrapper around a shell command i.e. browse-url will likely work, but a wrapper which calls curl probably won't – Tim X Nov 25 '15 at 05:43
6

Well, if you really want to do this and do not mind using another program then ... socat is the answer. Use socat to forward a local port through to a connection passing through the http proxy. You are not bypassing it, just "bolting on" the functionality to an application that does not have it (in case anyone asks). This might be difficult.

Another solution that would work great if you are on a unixy OS is to install your own non-authenticating http proxy that uses the authenticating proxy (like squid). This might look like circumvention to some people. Be careful.

For example, take a look at Proxytunnel.

UPDATE: Mike Hoss seems to be correct in the comment he adds to the question linked to above. The URL package will ask for id and password. At least that is what I see in the defun for url-http-create-request in file url-http.el.

Community
  • 1
  • 1
Allen
  • 2,228
  • 18
  • 22
3

In case anyone else hits what I've just struggled with:

If you use cntlm or some other local authenticating proxy, you may need to specify a loopback IP address rather than "localhost". I found "localhost" silently failed, but "127.0.0.1" worked a treat.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
nathan_messer
  • 31
  • 1
2

ELPA uses the "url" package. As far as I know, there is no way to do proxy authentication with it.

Can you set up your proxy auth outside of Emacs?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
thermans
  • 1,169
  • 2
  • 14
  • 24
  • well, yes, in other programs (e.g. firefox) I can provide them my user name and password for a certain http proxy And everything goes fine... – Pedro Rolo May 26 '10 at 16:48
  • After setting the proxy as described in the question text, ELPA is now asking for user/pw when updating the package list and can access the http repository via an authenticating proxy. [Emacs 24.3.1, Windows, Vincent Goulet's distribution] – Bernhard Kausler Apr 22 '14 at 09:57