[gwillz]

I have a government client that has locked down all outgoing access for a web server except though a socks proxy.

It makes simple things really hard - like a links checker, package dependencies, remote servers or integrations with Google.

We can't even run test scenarios on the machine because we're also locked _out_ of the server. Instead, we rely on their IT department to run test scripts that we send them via email.

We were debugging an elastic server connection for 2 weeks that was working perfectly fine in their "QA". It's a horrible existence.

[dijit]

Used to work at Ubisoft and they had this same policy, they used an authenticated http proxy, so you either expose your entire SSO credentials to your environment (HTTP_PROXY=http://user:password@proxy:3128) or you don't get access to the internet for all your console applications.

Even then, if you were using certificate pinning, it wouldn't work as the HTTP proxy would serve a "are you sure you want to continue" HTML page, which is of course not expected.

SSH is out of the question.

it's amazing what "simple" things break; like kubectl, gcloud, go get.

So frustrating. Countless development hours lost to bypasses.

[bheadmaster]

> I have a government client that has locked down all outgoing access for a web server except though a socks proxy.

If you're running Linux, there's a utility called "tsocks" which wraps any other command and redirects all network servers through a SOCKS proxy defined in /etc/tsocks.conf, e.g.:

    tsocks pip install somepackage

One downside is that since it relies on some linker magic, it doesn't work for static binaries. But for most common usage, it served me just fine.

[rtev]

I believe proxychains also would work

[roflyear]

Hopefully you can bill them for all of this, but yeah, totally ridiculous and costing the taxpayer a ton of money.

Reminds me of a friend who started a government job, and they went 6m before they were fully onboarded and able to work. ????