After few weeks, into launch of a global application, I received word that a couple of employees have been unable to gain access to their internal networks in Europe, and are outside the realm of the global corporate intranet. A system is also in place to allow members to gain access to the corporate intranet, which was put in place by an external company called Scalable Networks.

This all works fine; however, there is a proxy in place that rewrites all URLs, which we were not involved with or any aspects of security. We did not know of a proxy’s existence until a week before launch. As such, the Proxy rewrites every URL using CGI, and JavaScript; the problem being is aspects such as Flash with the source of the data files loaded into Flash being embedded into Flash itself, and other areas that are dependant on JavaScript. Whilst the public site for the corporate intranet uses very limited amounts of flash and JavaScript, the admin section relies on a couple aspects of JavaScript to pull in data via AJAX, and utilises JavaScript to create a virtual FileSystem. All of which, the real path to the data is masqueraded by the proxy itself, and all paths that are referenced despite being relative result in a 404 error.

Now many aspects of the admin now appear to have to be rewritten or hacked to compliment the proxy in place.

An example is…

https://www.example.com/,host=intranet.domain.com,port=80,proto=http/https://www.example.com/,host=intranet.domain.com,port=80,proto=http/Style/Screen.css

A lesson learned is to always reference the data source of a flash file externally rather than embedding the location…

./Flash.swf?DataSource=/,host=intranet.domain.com,port=80,proto=http/DataSource.php&Debug=1&DebugFile=trace.php

As you can see even referencing files as relative will not work correctly, if the proxy cannot parse the URL.