Disclaimer: I am not advocating that you try to break your company's security policy. They probably have their policy for a reason - and breaking this policy is likely to get you into all kinds of trouble. Think carefully about this before doing it.

However, in the interests of furthering discussion, if your browser sees the string <img src="/blah"> in a html document, it will attempt to make a separate http request to fetch the image - just as if you tried to type the address into your browser directly. This is therefore being blocked by the relevant firewall.

To get around this, you need to look at the content_type header that you get back from the remote request (see the earlier post by Joost), and send that content-type back to the browser.

Actually, to do this *properly* there are other headers that you would need to thing about (authentication and cookies being two good examples that come to mind). What you really want is a proxy server (eg squid, or apache with mod_proxy). However - if you have never set up such a thing before, I'd recommend either getting help, or at least reading the docs quite carefully, as open proxies on the internet are a bad thing (tm)

defeating the corporate firewall may sound like a fun thing to do but can get you in to loads of trouble. Loss of a job and/or criminal/civil prosecution. It's just not worth the hassle. IMHO

loads of trouble

Last week three of 4 of our young trainees (15-17 years old) got fired. One of them (a darn pretty girl which I would have been glad to welcome in my office (all trainees spend four weeks in the IT department)) has been told the password for the time registration system, to stand in for some colleague who was ill. Unfortately the colleague didn't change the password afterwards...

And so she happily added hours on the time account of her and two friends. Nobody would have ever noticed it, but out of sheer spite she reduced the account of someone she did not like. Of course that person complained and investigations followed.


holli, /regexed monk/

The majority of corporate firewalls are run by morons who would flee in terror at the mere suggestion of scripting or programming languages such as Perl or C.

Maybe the security staff think they are gurus because they can actually work out an access-list on a Cisco router or *horrors* use Visual Basic in their spare time.

If you know what you're doing, by passing the corporate firewall is never an unworthy endeavour.

But I would never, ever contemplate downloading or viewing porn at work. That's a one-way ticket to humiliation and never getting another job.

>>If you know what you're doing, by passing the corporate firewall is never an unworthy endeavour


:-)


In regards to your last statement - I completely agree. I'm not trying to view sites that I really ought not to be viewing at work. What I'm trying to do is use things like babelfish. I work in Holland during the week and need to translate local web pages - searching for accommodation is a prime example. The image thing is/was just a diversion from the main aim - to be able to remotely retrieve useful and relevant - and yet autoblocked - content using GET and POST.

IIRC internet explorer will show a red cross i.e. a "red ex" for either unreachable urls AND incorrectly formatted images.

My suggestion to subvert a firewall would be to use a http proxy. Searching for "anonymous proxy" on a www search engine should give you plenty of results.