#1518 Host header filter doesn't work

pending
None
5
2012-10-28
2012-10-27
smartgig
No

Config :
forward / someip:80
accept-intercepted-requests 1

I tried to filter the domain "something" to "anotherthing" but the filtering doesn't work while I can see in the debug that it's applied. It seems that it is replaced after by the privoxy.

2012-10-27 05:37:11.660 b7d89b70 Re-Filter: filtering 'Host: sib.tube.something.com' \(size 26\) with 'hfilter' ...
2012-10-27 05:37:11.660 b7d89b70 Header: Transforming "Host: sib.tube.something.com" to "Host: sib.tube.anotherthing.com"
2012-10-27 05:37:11.660 b7d89b70 Re-Filter: ... produced 1 hits \(new size 13\).

But still sib.tube.something.com is sent to the destination host.

Discussion

  • Fabian Keil

    Fabian Keil - 2012-10-27

    Filtering the domain in the Host header is not supposed to affect the domain in the request line.

    I suspect that your forwarding proxy someip:80 uses the unmodified domain from the request line and overwrites the domain in the Host header again. You could confirm this by enabling "debug 16".

    Can you clarify what you are trying to achieve by filtering the Host header?

    Maybe filtering the request line (or both) would be more appropriate.

     
  • Fabian Keil

    Fabian Keil - 2012-10-27
    • milestone: 2426028 -->
    • assigned_to: nobody --> fabiankeil
    • labels: 427303 -->
    • status: open --> pending-works-for-me
     
  • smartgig

    smartgig - 2012-10-27

    For example I want to show the content of google.com on my domain but replace the text 'I'm feeling lucky" to "I'm feelink nice" !
    So I should set the hostname to be "google.com" on privoxy else google returns bad request error. ( google.com is just an example, most of the webservers return a bad request error if the requested Host isn't hosted there )

    Currently I've to do it using squid directive "forceddomain=google.com" in cachepeer. ( client -> privoxy -> squid -> google -> squid -> privoxy filters "lucky" to "nice" -> client ).
    nginx also support this by "hostname google.com" directive.

    I've found nothing about filtering request line in the privoxy user manual.

    In the debug file I've found the following lines containing old hostname which must be replaced but remains untouched :

    Header: New HTTP Request-Line : GET http://sib.tube.something.com/
    Request: sib.tube.something.com/
    ...
    
     
  • Fabian Keil

    Fabian Keil - 2012-10-27

    Request line is just a fancy way to refer to the first client header which contains the request URI.

    "If the request URL gets changed, Privoxy will detect that and use the new one. This can be used to rewrite the request destination behind the client's back, for example to specify a Tor exit relay for certain requests."
    http://config.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-FILTER

    If you rewrite both headers it should work without another proxy between Privoxy and google.com.

     
  • Fabian Keil

    Fabian Keil - 2012-10-27
    • status: pending-works-for-me --> pending
     
  • smartgig

    smartgig - 2012-10-27

    I've tried to completely change the word 'something' to 'anotherthing' in all the server-header-filter, client-header-filter and filter !
    It doesn't work. It seems that privoxy grabs the hostname from request line before any action and then do the filtering stuffs !

    I've found a good testing box. Try to forward one subdomain of your site to 173.194.39.134 ( youtube server address ) :
    forward / 173.194.39.134:80
    accept-intercepted-requests 1

    and now If you send the "Host: youtube.com" header, your subdomain will show youtube content, else it'll show google homepage !

     
  • smartgig

    smartgig - 2012-10-27
    • status: pending --> open
     
  • Fabian Keil

    Fabian Keil - 2012-10-28
    • status: open --> pending
     
  • Fabian Keil

    Fabian Keil - 2012-10-28

    In case of intercepted requests, the request line does not contain the domain. Probably your filter doesn't correctly deal with this.

    The following filter:

    CLIENT-HEADER-FILTER: rewrite-to-youtube.com Rewrite the request destination and host to www.youtube.com
    s@^(\w+) (https?://[^/]*)?/@$1 http://www.youtube.com/@
    s@^Host: blafasel.example.org@Host: www.youtube.com@

    With the following action section:

    # Redirect requests for blafasel.example.org to www.youtube.com behind the client's back
    {+client-header-filter{rewrite-to-youtube.com} +forward-override{forward .}}
    blafasel.example.org

    works for me with both intercepted and non-intercepted requests.

    I'm using the forward-override{} action to disable earlier forwarding settings, otherwise it wouldn't be necessary.

    Specifying IP addresses isn't necessary either, unless you want to hard-code them. Privoxy can resolve the new destination host itself, just like any other destination host.

    When it's working, you should get log messages like:

    15:07:50.458 027 Header: Transforming "GET / HTTP/1.1" to "GET http://www.youtube.com/ HTTP/1.1"
    15:07:50.458 027 Re-Filter: 'rewrite-to-youtube.com' hit 1 time, changing size from 14 to 36.
    15:07:50.458 027 Header: Transforming "Host: blafasel.example.org" to "Host: www.youtube.com"
    15:07:50.458 027 Re-Filter: 'rewrite-to-youtube.com' hit 1 time, changing size from 26 to 21.
    15:07:50.458 027 Info: Rewrite detected: GET http://www.youtube.com/ HTTP/1.1

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks