From: Victor H. <vic...@ya...> - 2010-08-16 15:52:01
Heya,

Thanks to everybody for their replies.

Well, that makes sense, we need SSL for many of our secure sites. At least now I understand the background a bit more =).

I've been mucking around, and I noticed that even with proxytunnel:

    proxytunnel -v -p localproxy:8080 -r remotewebserver.com:80 -d destinationsshserver.com:22 -H "Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9"

in the output, it just seems to return the proxy's "Access Denied" page, with a "301 Moved Permanently", Proxy-Connection is "close", and X-Error-Name is "httpmethodfilterlist". I suppose that's a win for security...hmm.

With both -e and -X, we also still get an "Access Denied". However, with -E, I get an "error: Socket write error".

(Note, I haven't done anything fancy on the remotewebserver to get SSL to work properly. I did vaguely follow the instructions at http://beginlinux.com/blog/2009/01/ssl-on-ubuntu-810-apache2/, but that's about it. And there's nothing SSL specific in the virtualhost config for the hostname I'm using for the remotewebserver.com).

First question, and my apologies if this is a bit basic - how is it we are still able to pick up the proxy connection, and deny access? I thought this method was meant to be able to tunnel through proxies?

Secondly - any ideas on what the "Socket write error" with the -E flag means?

Cheers,
Victor

On 17 August 2010 01:08, Julian Gilbey <ju...@d-...> wrote:

> On Mon, Aug 16, 2010 at 11:18:56PM +1000, Victor Hooi wrote:
> > Hi,
> >
> > I'm curious - proxy tunnel doesn't work if HTTP CONNECT is disabled, right?
> > My background info on the HTTP spec is a little patchy, all I could seem to
> > find on the background was a single line in RFC2616
> > (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html).
> >
> > Is it normal for a proxy server to disable HTTP CONNECT? Are there any
>
> What you might find is what I did with one proxy server: it allowed
> one to CONNECT to the remote server but did not allow one to send an
> HTTP CONNECT request _to_ the remote server, so you could not connect
> to a further service via the remote server. The only way around this
> was to connect to an SSL-encrypted remote server, so that the proxy
> was not able to see the HTTP CONNECT request.
>
> Julian