I have a browser that's sending requests through a very slow connection to a python web-proxy. The slowness isn't an issue with normal HTTP GET and POST requests, but when I try to open an HTTPS site it's failing. The proxy is getting the CONNECT request from the client and opening the connection with the server, but if the handshake doesn't finish in 30 seconds, the server is ending it.
Is there any way I can modify the proxy to keep the handshake open long enough for the client to finish it? Maybe some sort of SSL handshake keep-alive?
Related
We are using Kerberos to authenticate HTTPS request. We wish to reuse the connection for requests to same endpoint by using same curl handle. This works fine for HTTP connections. However, each rest request we sent will send two request, first will get 401 to get back authentication token and then 200 for the data. Then curl will close the connection and reconnect again for following rest request. This is extremely inefficient, is there a way to cut down all the authentication cost? Thanks a lot!
It is needed to make a HTTP2-response, which will force a client to reconnect to the same server to the same address.
In case of HTTP/1.1 it could be done sending 307 Temporary Redirect response with Connection: close header.
In HTTP/2 Connection: close header is ignored and redirect is performed without reconnection, which brings to redirect loop error.
Also, I've tried to send 421 Misdirected Request response to client with the same url, but Chrome browser is do nothing after receiving this response.
What is the most proper way to force a HTTP/2 client to reconnect? Which server response can be send? Maybe some kind of GOAWAY frame?
Following the graceful shutdown procedure that RFC 7540 recommends should result in a reconnection:
A server that is attempting to gracefully shut down a connection
SHOULD send an initial GOAWAY frame with the last stream identifier
set to 2^31-1 and a NO_ERROR code. This signals to the client that
a shutdown is imminent and that initiating further requests is
prohibited. After allowing time for any in-flight stream creation
(at least one round-trip time), the server can send another GOAWAY
frame with an updated last stream identifier. This ensures that a
connection can be cleanly shut down without losing requests.
Regarding 421 handling in Chrome, this bug https://bugs.chromium.org/p/chromium/issues/detail?id=546991 was opened to have Chrome re-open a new connection to the server, it's seen some activity recently.
Yes, the way on HTTP/2 to ask a client to reconnect for further requests is to send a GOAWAY frame to it. How this works depends on your server side implementation or framework for HTTP/2 support. E.g. a framework could intercept your Connection: close header and treat it as a request to close the connection after the request. But I guess most HTTP/2 implementations wouldn't like to do that, since they guess the header targets only the current request scope and not the whole connection. Alternatively the framework could provide a way in the request handler to not only access the request and response data but also to get a reference to the HTTP/2 connection, which can be used to send the GOAWAY.
This may help you Google HTTP2
Recently i started to write a proxy(web debugging) software.
and handled the GET request well.
sometimes i get CONNECT messages from the client, so i connect to the target server and reply the client by "200 Connection Established".
is that it all??
because after it i don't get any messages
from the server or the client.
so i got confused.
I want to know all the steps of https CONNECT message request and responses until an https site(like https://google.com) gets loaded.
Thank you.
The CONNECT request is used to set up a connection tunnel. This is used mainly to allow access to https sites through an http proxy.
The web proxy is expected to set up a proxy connection to the indicated host, and then proxy the traffic between the two connections, until one or the other terminates.
After establishing the connection, you expect to see either the client or the server start sending something to the other. Your proxy code should be prepared, at any time, to receive more data from either the client or the server, to be forwarded to the other party. If not, your proxy is not doing something correctly. It is not your proxy's job to handle https negotiation. Once the connection is established, your proxy must transparently proxy all the data, and it is the client's and the server's task to talk https with each other.
I'm making an HTTP proxy in C++; when a client sends a GET or CONNECT request to the proxy, the proxy parses the HTTP header of the packet, resolve the hostname in it, opens another socket to the server destination and send client's request. Then the proxy will send server's response to the client.
Here's the GET and CONNECT requests from the client sent by the proxy to the server:
GET http://www.gstatic.com/generate_204 HTTP/1.1
CONNECT cr-input.getspeakit.com:443 HTTP/1.1
But when I parse a GET response from server, I find a 400 status code, i.e. Bad Request: this seems to be (from Wikipedia):
a malformed request syntax, invalid request message framing, or deceptive request routing.
Do I send wrong arguments to the server in the GET request?
GET. The syntax is not wrong but if the request has not been faked by you and it is really going to www.gstatic.com you can check yourself that any kind of requests generates a 40x status code. That's a domain used for Google for offloading static content. Whether that's still the case and why it returns 40x for the requests. Go to Google.
CONNECT. If you are forwarding the CONNECT to the server, this is wrong. A CONNECT is meant to open an end to end binary connection bypassing your proxy. The sequence would be:
Get connect request from client
Open TCP connection to IP:Port (after DNS resolution obviously)
Return "200 OK" to the client if the connection was successfully opened or an error code of your choice (plus optionally some explanation in Text/HTML form for the end user)
If data is received from either end -> forward it to the other end until one of the connections is closed, when you close the other end.
I'm using boost::asio and I've been looking at the example code on how to connect to an ssl host. But I want to send a get request after I've connected to the server through ssl, how is this possible? Do I send a get request as the http example do exactly?
After the handshake is done (handle_handshake in the example) and there was no errors, you should be able to use the connection just as any other Boost ASIO connection.