Search Unity

  1. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Official Automated Proxy Detection

Discussion in 'Unity Hub' started by Gennady, Sep 18, 2023.

  1. Gennady

    Gennady

    Unity Technologies

    Joined:
    Mar 30, 2015
    Posts:
    44
    How to configure Automatic Proxy Detection:

    1. Open services-config.json

    If you have never set up a services-config.json file before, you will need to create both the config directory and the services-config.json file.

    MacOS: /Library/Application Support/Unity/config
    Windows: C:\ProgramData\Unity\config
    Linux: /usr/share/unity3d/config

    2. Set the flag to enable auto proxy

    Inside the services-config.json file, you’ll need to add a flag to the file, like so:

    {
    <other-flags>: <other-flag-values>,
    "enableProxyAutoconfig": true
    }


    Note the comma after every entry except the last entry.


    3. Add proxy config/provide proxy address to the Hub via env vars

    Depending on how you have your system(s) set up, you may need to pass the proxy information to the Hub.

    If you have a system wide setup such as WPAD or PAC, this shouldn’t be necessary. However, if you do need to pass the IP/URL of your proxy to the Hub, you can do so with these env variables:

    • HTTP_PROXY=http://<your-proxy-username>:<your-proxy-password>@<your-proxy-ho st>:<your-proxy-port>
    • HTTPS_PROXY=https://<your-proxy-username>:<your-proxy-password>@<your-proxy- host>:<your-proxy-port>


    Set them wherever you like – system wide, in a config or launch the Hub with those variables from the terminal/command line.

    The username and password (and @ symbol, of course) are optional, based on whether or not you have authentication for your proxy set up or whether you are using a different method to pass along credentials.


    4. Add credentials (if necessary)

    MacOS:

    Keychain Access > login > Add new keychain item. Do this twice, once for each protocol: HTTP, HTTPS.

    name: <protocol>://<your-proxy-host>:<your-proxy-port>


    Note: if entries already exist named <your-proxy-host> (<your-proxy-username>), those will need to be renamed to just <your-proxy-host> and you don't need to add the keychain items yourself. The OS might have added these automatically if you entered them in a prompt, earlier.


    Windows:

    Credential Manager > Windows Credentials tab > Add a generic credential

    Internet or network address: <your-proxy-host>


    Note that the OS might have already added these credentials if you entered them in a prompt and you don't need to add them yourself.


    Linux:

    Currently, automatic credential lookup is not supported in Linux. You can pass credentials to your proxy in Linux by prepending them to the proxy URL; for example:

    HTTPS_PROXY=https://<your-proxy-username>:<your-proxy-password>@<your-proxy-host>:
    <your-proxy-port>



    5. Self-signed certificates for traffic intercept (“SSL bump”)

    Self-signed certificates added to the system certificate store are now picked up by the Hub. These are the expected management tools or locations:

    Windows: Certificate snap-in for Microsoft Management Console (MMC)
    MacOS: Keychain Access (login or system keychains)
    Linux: /etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-bundle.crt
     
    hojjat-reyhane likes this.
  2. TSUNGkonovalov

    TSUNGkonovalov

    Joined:
    Sep 14, 2023
    Posts:
    7



    Unity hub version 3.5.0 WORK https://docs.unity3d.com/2023.1/Documentation/Manual/ent-proxy-env-vars.html

    Proxy environment variable values named HTTP_PROXY and HTTPS_PROXY that include authentication information in the following format
    http://<username>:<password>@<proxy_name_or_IP_address>:<proxy_port>


    Unity hub version 3.5.1 , 3.5.2 NOT WORK !!!!!!!!!!!!!!!!!!!!
     
    Last edited: Sep 19, 2023
    iriguchi likes this.
  3. benzac

    benzac

    Joined:
    Jan 29, 2020
    Posts:
    2
    Hello all,

    Just want to say that I'm now also having issues with my proxy setup in Unity Hub 3.5.2+ and Unity Editor 2022.3.x.
    I had/have no issues in previous Unity Hub verions and Unity Editor 2021.3.x.
    After a few tests and some log evaluations, it looks like the UPM from version 2022 (and the latest Unity Hub version) uses by default proxy auto-config (PAC) files to get the proxy information (rather than via environment variables). However, in my particular setup only the environment variables are valid. I see in the logs that the wrong proxy (from the PAC file) is being used.
    Maybe this information will help to fix this issue in an upcoming update.

    Best regards,
    benzac
     
  4. Kinggrass

    Kinggrass

    Joined:
    Jun 7, 2016
    Posts:
    72
    @Gennady

    thank you for helping us in a uncomplicated way by linking me to your suggested solution.

    Like @TSUNGkonovalov is already pointing out which can not be overseen ^^
    Unfortunatly it does not work in the versions he already said and also not on 3.6.0 now.

    I still get a Error ETIMEDOUT for downloads.

    If I go back to 3.5.0 it does work like it always did, also without this suggested change with the services-config.json file.

    Any other way to get it work or something you could delegate to investigate more?

    Following the log passage for 3.6.0 where it fails, before this it also logs that the proxy settings are set like intended and it is also visible that it can communicate to check if the download target is existing but then fails during downloading, are the proxy then not used anymore?:


    Code (CSharp):
    1. {"timestamp":"2023-11-01T07:36:16.545Z","level":"info","moduleName":"Download Item 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[ 'Transition to state download_validation' ]"}
    2. {"timestamp":"2023-11-01T07:36:16.545Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Executing the Download Validation Strategy...' ]"}
    3. {"timestamp":"2023-11-01T07:36:16.546Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Validating destination path permission for access...' ]"}
    4. {"timestamp":"2023-11-01T07:36:16.548Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Destination Path check: Passed' ]"}
    5. {"timestamp":"2023-11-01T07:36:16.548Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Validating source path (https://download.unity3d.com/download_unity/ea401c316338/TargetSupportInstaller/UnitySetup-Linux-IL2CPP-Support-for-Editor-2022.3.9f1.exe) availability...' ]"}
    6. {"timestamp":"2023-11-01T07:36:16.873Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Source Availability check: Passed' ]"}
    7. {"timestamp":"2023-11-01T07:36:16.873Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Validating available disk space on the partition.' ]"}
    8. {"timestamp":"2023-11-01T07:36:16.873Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Required space: 55217152 bytes / 52.66 MB...' ]"}
    9. {"timestamp":"2023-11-01T07:36:16.874Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Available disk space check: Passed' ]"}
    10. {"timestamp":"2023-11-01T07:36:16.874Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Validating file integrity (checksum)..' ]"}
    11. {"timestamp":"2023-11-01T07:36:16.874Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Checksum value not supplied. Skipping Checksum' ]"}
    12. {"timestamp":"2023-11-01T07:36:16.874Z","level":"info","moduleName":"Disk Validation Strategy","message":"[ 'Checksum check: Passed' ]"}
    13. {"timestamp":"2023-11-01T07:36:16.875Z","level":"info","moduleName":"Download Item","message":"[ 'Download: 76fbde89-c707-4ed3-bac2-f09a9be2a4d6, Exiting from State: Validation, Event: VALIDATION_PASSED' ]"}
    14. {"timestamp":"2023-11-01T07:36:16.875Z","level":"info","moduleName":"Download Item","message":"[ 'Download: 76fbde89-c707-4ed3-bac2-f09a9be2a4d6, Current State: Downloading, Event: VALIDATION_PASSED' ]"}
    15. {"timestamp":"2023-11-01T07:36:16.875Z","level":"info","moduleName":"Download Item 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[ 'Transition to state downloading' ]"}
    16. {"timestamp":"2023-11-01T07:36:16.877Z","level":"info","moduleName":"Node Downloader for 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[ 'Download started' ]"}
    17. {"timestamp":"2023-11-01T07:36:37.990Z","level":"info","moduleName":"Node Downloader for 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[ 'Download paused at 0 bytes / 0 bytes' ]"}
    18. {"timestamp":"2023-11-01T07:36:37.990Z","level":"info","moduleName":"Download Item 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[ 'Error while downloading: connect ETIMEDOUT 23.50.131.30:443' ]"}
    19. {"timestamp":"2023-11-01T07:36:37.992Z","level":"info","moduleName":"Download Item","message":"[ 'Download: 76fbde89-c707-4ed3-bac2-f09a9be2a4d6, Exiting from State: Downloading, Event: ERROR' ]"}
    20. {"timestamp":"2023-11-01T07:36:37.992Z","level":"info","moduleName":"Download Item","message":"[ 'Download: 76fbde89-c707-4ed3-bac2-f09a9be2a4d6, Current State: Failed, Event: ERROR' ]"}
    21. {"timestamp":"2023-11-01T07:36:37.992Z","level":"info","moduleName":"Download Item 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[ 'Transition to state download_failed' ]"}
    22. {"timestamp":"2023-11-01T07:36:37.993Z","level":"warn","moduleName":"Node Downloader for 76fbde89-c707-4ed3-bac2-f09a9be2a4d6","message":"[\n  'Download failed',\n  Error: connect ETIMEDOUT 23.50.131.30:443\n      at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1247:16) {\n    errno: -4039,\n    code: 'ETIMEDOUT',\n    syscall: 'connect',\n    address: '23.50.131.30',\n    port: 443\n  }\n]"}
    23. {"timestamp":"2023-11-01T07:50:56.167Z","level":"info","moduleName":"CloudConfig","message":"[ 'Succeeded to refresh data from https://public-cdn.cloud.unity3d.com/config/production' ]"}
    24. {"timestamp":"2023-11-01T07:51:22.034Z","level":"info","moduleName":"LicensingSdkService","message":"[ 'Get all entitlement groups' ]"}
    25. {"timestamp":"2023-11-01T07:51:22.067Z","level":"info","moduleName":"LicensingSdkService","message":"[ 'Successfully received all entitlement groups details' ]"}
    26. {"timestamp":"2023-11-01T07:51:22.067Z","level":"info","moduleName":"LicensingSdkService","message":"[ 'Received 1 entitlement groups' ]"}
    27. {"timestamp":"2023-11-01T07:51:22.069Z","level":"info","moduleName":"LicensingSdkService","message":"[ 'checkEntitlements: checking entitlements for: com.unity.editor.ui' ]"}
    28. {"timestamp":"2023-11-01T07:51:22.092Z","level":"info","moduleName":"LicensingSdkService","message":"[ 'Successfully checked for entitlements request.' ]"}
     
    Last edited: Nov 1, 2023
  5. judesidloski

    judesidloski

    Unity Technologies

    Joined:
    May 12, 2022
    Posts:
    84
    @Kinggrass can you post your full info-log.json?
     
    Kinggrass likes this.
  6. Kinggrass

    Kinggrass

    Joined:
    Jun 7, 2016
    Posts:
    72
    Because of our company guidelines I had to make sure to remove sensitive information.
    This includes in this case to remove my name where mentioned.

    If asking, the given proxy endpoints are correct, they are running locally as a delegate to another one and are working.
    At least <=3.5 Hub are working with this.
     

    Attached Files:

    judesidloski likes this.
  7. judesidloski

    judesidloski

    Unity Technologies

    Joined:
    May 12, 2022
    Posts:
    84
    Okay I validated a lot of what you said from other posts by looking at your logs -- Looks like proxy is configured properly and you are successfully reaching other http & https endpoints.

    What happens if you put the download link into your browser? https://download.unity3d.com/downlo...inux-IL2CPP-Support-for-Editor-2022.3.9f1.exe

    Is there someone from on your team that can look at proxy traffic and see if request is reaching the proxy at all? there is an ip address and port in the log.. is that the proxy? If you have an IT team you could get them in touch with me.
     
  8. Kinggrass

    Kinggrass

    Joined:
    Jun 7, 2016
    Posts:
    72
    @judesidloski

    Thanks you for investigating this issue.
    If I put the link directly into the browser the download starts, the browser is configured on the same proxy.

    And yes we have an IT-security-team which is in charge also for proxy related topics but I think this could take longer to contact them and to get someone.

    I think I will first check myself with wireshark if the hub ist trying to connect to the right address and if I am unfortunate I will have to reach out to the security staff at another company location.

    Edit: The Download also finishes successfully.
     
    Last edited: Nov 6, 2023
  9. judesidloski

    judesidloski

    Unity Technologies

    Joined:
    May 12, 2022
    Posts:
    84
    Thanks for the update and please keep me posted.

    Another thing you can try is for an existing editor, install all modules. Some modules will reach to download.unity3d.com and others will reach to different URLs. May give you some guidance if it is just a particular URL failing.
     
  10. marcuslui99

    marcuslui99

    Joined:
    Nov 9, 2023
    Posts:
    1
    Automated Proxy Detection refers to the process of identifying whether a user is connecting to a network or website through a proxy server, and if so, analyzing the characteristics of that connection. This detection is often used for various reasons, including security, content access control, and preventing fraudulent activities.

    Here are some common methods used for automated proxy detection:

    1. Header Analysis:
      • Analyzing HTTP headers can provide information about the client's connection. Proxy servers often add specific headers to requests, and examining these headers can reveal whether a proxy is being used.
    2. IP Address Checks:
      • Comparing the user's IP address with known proxy IP addresses can be an indicator. Some databases maintain lists of proxy IP addresses, and a match with these lists may suggest the use of a proxy.
    3. Behavioral Analysis:
      • Analyzing user behavior and patterns can help detect anomalies that might indicate the use of a proxy. For example, sudden changes in IP addresses or unusual browsing patterns.
    4. Network Traffic Analysis:
      • Examining the network traffic characteristics can reveal patterns consistent with proxy usage. This includes looking at the timing, volume, and frequency of requests.
    5. DNS Request Analysis:
      • Analyzing DNS requests can provide information about the user's network configuration. Some DNS queries may be associated with known proxy services.
    6. SSL/TLS Inspection:
      • Inspecting SSL/TLS handshakes can reveal characteristics associated with proxy usage. Some proxies modify SSL certificates, and anomalies in the certificate chain can be detected.
    7. JavaScript-Based Detection:
      • Running client-side JavaScript code to detect features or behaviors associated with proxy usage. This can include checking for known JavaScript vulnerabilities or behaviors indicative of proxy connections.
    8. Challenge-Response Mechanisms:
      • Implementing challenge-response mechanisms to interact with the client and detect characteristics consistent with proxy usage. For example, asking the client to perform actions that typical proxy servers might struggle with.
    It's important to note that users may employ legitimate proxies for privacy or security reasons, and not all proxy usage is malicious. Automated proxy detection methods should be implemented judiciously and with respect for user privacy. Additionally, users on corporate networks or using VPNs may inadvertently trigger false positives in proxy detection systems.

    The effectiveness of automated proxy detection methods may vary, and it's common for systems to use a combination of these techniques for more accurate results.
     
    Last edited: Nov 17, 2023
  11. Kinggrass

    Kinggrass

    Joined:
    Jun 7, 2016
    Posts:
    72
    Sry to left you keep waiting I tried to dowload all modules but unfortunatly all fail the same.

    This said the Unity Hub Version <=3.5 is working and therefor the proof is already given that this is working in our company network. What changed in versions is that the download is not working anymore but resource validation is still working.

    In wireshark is a strange behaviour where some request are directed to the target with proxy authentification and others not. Is the hub following a fallback strategy?
    The sample is from the same request session unfortunatly I can not see what resource is tried to be retreived. I would expect somewhere a GET request but I dont find anything like that.

    Although here some samples but I don't think this could help.

    Additional guess:
    In moduleName Disk Validation Strategy are you requesting some other URI's for validation which are not logged?
    Because our company is whitelisting addresses for access, is there something missing.
     

    Attached Files:

    Last edited: Nov 14, 2023
    judesidloski likes this.
  12. judesidloski

    judesidloski

    Unity Technologies

    Joined:
    May 12, 2022
    Posts:
    84
    I'll need some time to come back to this. But yes I think there is a regression here.
     
  13. Kinggrass

    Kinggrass

    Joined:
    Jun 7, 2016
    Posts:
    72
    If it would be helpful I can also assist by testing builds.
    It is in a great interest for us that this will work again because the hub is installing versions automatically for a lot of us.