We are using Guacamole HTML5 Remote Desktop functionality in our application. However once we deployed Guacamole server and our customers tried accessing it from their corporate network, they have been reporting connectivity issues.
It turns out that most of the anti-virus softwares (Bitdefender, AVG etc...) are blocking access to Guacamole server through their SSL scanning feature. If we disable SSL scanning then our customers are able to connect to Guacamole server. However we cannot expect our client to permanently turn off SSL Scanning from their anti-virus software.
We also figured out that Guacamole creates an HTTP tunnel and the JS client constantly sends read and write requests. These read/write requests are of type application/octet-stream. Most of the firewall block application/octet-stream and our guess it that SSL Scanning feature in anti-virus software is also blocking because of this MIME type.
We would like to know if there is any workaround to prevent anti-virus from blocking Guacamole traffic without turning of SSL Scanning feature. We would appreciate any help, feedback or suggestions in this regard.
I was able to figure out a solution with the help from Guacamole support team. We were not using latest version of NGINX and Tomcat on our Guacamole server. Once we upgraded to latest version of these softwares, entire communication started using websockets. This also fixed all issues we were facing with anti-virus softwares.
I think your analysis of the issue is right. I had problems like this in the past with Bit Defender and ended disabling its firewall. I also had issue with fiddler (an http proxy) with long polling requests.
I'm surprised Guacamole uses an HTTP tunnel while it's an HTML5 solution and should use websockets for communication. Perhaps it's to maintain an HTTP session active.
I open sourced last month a solution comparable (Myrtille) to Guacamole. It has about the same features except it's written in C# (uses IIS and the .NET framework) instead of Java and thus is more intended for Windows Servers. If you still have issues and want to give it a try, I'll be curious and glad to have some people feeback :) (sadly few actually, it either means it works great or it's crap ^^)
Related
Is there any way to send ASCII symbol/character to USB via webpage (HTML)?
We have a local PC with a webpage running in kiosk mode. The webpage have a button that should send that symbol/character to USB. How it can be done?
Thanks for any help.
No.
Code running in web pages is sandboxed and has no direct hardware access in general and definitely no direct USB access.
It may actually be possible, though only by using an experimental feature that's only available in some browsers.
More specifically, there exists a draft specification of the WebUSB API which aims to give access to USB devices from the browser, albeit with some limitations for security reasons. For instance, Chrome requires the page to be served over HTTPS.
This feature is currently implemented in newer versions of Chrome and, according to MDN, Opera.
There is some more information about it on Google's blog.
Question is:
Is there any way to send ASCII symbol/character to USB via webpage
(HTML)?
I don't know if Electron Apps is what you call a webpage, but it is to me. If Electron App enters your usecase, you can access the NodeJS API, and therefore your machine.
This could be the answer you are looking for, if the only limitation you have for your question is the use of web languages (HTML, CSS, Javascript). If your limitation is give access to the world through a classic web browser, as #Quentin sayed in his answer, it is not possible.
Thanks god it's not possible.
Is it possible, considering I have access to all of the end user devices to allow security exceptions, to request the device mac address using any web scripting process running in Apache/IIS/Nginx? PHP? Perl? ASP?
Client devices are running iOS so this won't work http://www.qualitycodes.com/tutorial.php?articleid=19&title=MAC-Address-Using-WMI-on-Internet-Explorer
It must be possible because MDM solutions get it through a Config Profile...
In a word: no.
Actually, using the standard protocols/technologies you mentioned above it is not possible to retrieve the MAC address of the client.
What is possible is using a legacy technique where you install a "native" software on the client machine (e.g. activeX, java applet...).
That software, once installed, can retrieve easily the MAC of the client's device. Thus, it could call your web server with the MAC as an argument.
Nothing of the scenario above is expected to be implemented or is already implemented.
In our web application, we using a Java applet to invoke MS.Word application by jacob jar e.g. Word to open, edit, and when it saves automatically it uploaded to the server.
Google Chrome will no longer support NPAPI, so soon we can not run our applet in Chrome anymore.
So, any suggestions for an alternative for the Java applet. We want to make the same experience for the user, just like before.
We have the same problem. With Webstart is not longer possible to do that communication. We are going to use Websockets between webstart application and browser. Our first attempt is to start a websockets server in the webstart and make browser connect to localhosts. If this is not possible for security limitations in the browsers then we are going to do it through the webserver, browser and webstart application connecting to the webserver and exchanging messages.
I can see 2 distinct possibilities.
Create a standalone application that "wraps" your web application using a technology such as electron. You can then do your browser to desktop integration as you like. This will require an install on the client.
Launch a webstart application (or it could really be any installation that happens on the client). It will need to start a webserver, or connect to a webserver and communicate via http.
I'm saddened by the loss of the Applet. It is a technology not easily replaced. And another methods seem somewhat like 'workarounds'. There is no easy, cross-browser way to break out of the browser sandbox and access the system.
For myself, the loss of the Applet has simply meant that automating some of these processes has become too difficult and it is just better to find an alternative way of achieving a similar end result.
A small note: If you are starting a local webserver, be mindful of security. It can be accessed by other processes on the system. Wouldn't it be fun to open word on anyone's system by sending a request to a port!
I'm working on a project that involves controlling a piece of hardware over ethernet.
the remote control app should be accessible for normal browsers, tablets and possibly smartphones (and should run locally!). so as far as i see it, i'm limited to html/javascript
the device is listening on normal ethernet ports.
is there a way i can open a socket to those?
i've been reading a lot about websockets and socket.io lately, but none of them seem to really do the trick. (both require a server that understands them, which is not the case here. this device just understands plain telnet)
I'm pretty confused, as i thought that SHOULD be a pretty easy task, but right now i just don't know what to do
There is no possibility to access a socket from within the browser directly - but you can use a proxy to do this - fire up a node-server with socket.io and pipe the data-stream to the socket.
I am developing a content management system in asp.net where the users of the system will use it to submit their work as well as open their previous/unfinished work (writing) in Microsoft Word 2003. Now the problem is if I use C# System.Diagnostics library it works perfectly if the system is deployed on local server (i.e the PC on which I am developing) but I think if I deploy it on another PC and run it on a client PC using LAN connection it will launch word on PC acting as server instead of client although I haven't tried this but this is what I doubt, is there any way I can launch word on client machine using Javascript but without using ActiveX as it restrict the user to use IE only while our users choose their own browser ?
Thanks.
Not possible. Browser scripting cannot interact with the client machine, period, unless you have some plugins installed that would allow it.
Microsoft, and its ActiveX, are an exception, where they break the rules so they can improve integration with their operating system. Many people think it's another of Microsoft's blunders, since it is often viewed as a big security risk.
Nope, and for good reason too. Could you imagine if any website were allowed to run executables on client computers...?