hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1406) https on port 80 over proxy caused the http client to go into an infinite loop
Date Wed, 02 Oct 2013 13:16:27 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13783900#comment-13783900
] 

Oleg Kalnichevski commented on HTTPCLIENT-1406:
-----------------------------------------------

I am unable to reproduce the problem with HttpClient 4.3

{noformat}
executing request: GET / HTTP/1.1
via proxy: http://localhost:8080
to target: https://localhost:80
2013/10/02 14:11:34:565 GMT+01:00 [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2013/10/02 14:11:34:574 GMT+01:00 [DEBUG] RequestAuthCache - Auth cache not set in the context
2013/10/02 14:11:34:575 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection
request: [route: {tls}->http://localhost:8080->https://localhost:80][total kept alive:
0; route allocated: 0 of 2; total allocated: 0 of 20]
2013/10/02 14:11:34:588 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection
leased: [id: 0][route: {tls}->http://localhost:8080->https://localhost:80][total kept
alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2013/10/02 14:11:34:599 GMT+01:00 [DEBUG] MainClientExec - Opening connection {tls}->http://localhost:8080->https://localhost:80
2013/10/02 14:11:34:603 GMT+01:00 [DEBUG] HttpClientConnectionManager - Connecting to localhost/127.0.0.1:8080
2013/10/02 14:11:34:609 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> CONNECT localhost:80
HTTP/1.1
2013/10/02 14:11:34:609 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Host: localhost:80
2013/10/02 14:11:34:609 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Proxy-Connection:
Keep-Alive
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << HTTP/1.0 407
Proxy Authentication Required
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Server: squid/2.5.STABLE13
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Mime-Version:
1.0
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Date: Wed, 02
Oct 2013 13:11:34 GMT
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Type:
text/html
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Length:
1265
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Expires: Wed,
02 Oct 2013 13:11:34 GMT
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Proxy-Authenticate:
Basic realm="test-proxy"
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << X-Cache: MISS
from localhost
2013/10/02 14:11:34:614 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Proxy-Connection:
close
2013/10/02 14:11:34:616 GMT+01:00 [DEBUG] HttpAuthenticator - Authentication required
2013/10/02 14:11:34:616 GMT+01:00 [DEBUG] HttpAuthenticator - localhost:8080 requested authentication
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Authentication schemes
in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for negotiate
authentication scheme not available
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for Kerberos
authentication scheme not available
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for NTLM
authentication scheme not available
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for Digest
authentication scheme not available
2013/10/02 14:11:34:633 GMT+01:00 [DEBUG] HttpAuthenticator - Selected authentication options:
[BASIC]
2013/10/02 14:11:34:634 GMT+01:00 [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0:
Close connection
2013/10/02 14:11:34:635 GMT+01:00 [DEBUG] HttpClientConnectionManager - Connecting to localhost/127.0.0.1:8080
2013/10/02 14:11:34:635 GMT+01:00 [DEBUG] HttpAuthenticator - Generating response to an authentication
challenge using basic scheme
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> CONNECT localhost:80
HTTP/1.1
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Host: localhost:80
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Proxy-Connection:
Keep-Alive
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Proxy-Authorization:
Basic xxxxxxxx
2013/10/02 14:11:34:638 GMT+01:00 [DEBUG] headers - http-outgoing-0 << HTTP/1.0 200
Connection established
2013/10/02 14:11:34:638 GMT+01:00 [DEBUG] HttpAuthenticator - Authentication succeeded
2013/10/02 14:11:34:639 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Caching 'basic' auth
scheme for http://localhost:8080
2013/10/02 14:11:34:639 GMT+01:00 [DEBUG] MainClientExec - Tunnel to target created.
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] MainClientExec - Executing request GET / HTTP/1.1
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> GET / HTTP/1.1
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Host: localhost:80
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2013/10/02 14:11:34:891 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.3.1-SNAPSHOT
(java 1.5)
2013/10/02 14:11:34:891 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Accept-Encoding:
gzip,deflate
2013/10/02 14:11:34:891 GMT+01:00 [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200
OK
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Date: Wed, 02
Oct 2013 13:11:34 GMT
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Server: Apache/2.2.22
(Ubuntu)
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Last-Modified:
Sat, 13 Apr 2013 09:48:25 GMT
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << ETag: "2111e-b1-4da3aebc22fcf"
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Accept-Ranges:
bytes
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Vary: Accept-Encoding
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Encoding:
gzip
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Length:
146
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Keep-Alive: timeout=5,
max=100
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Type:
text/html
2013/10/02 14:11:34:894 GMT+01:00 [DEBUG] MainClientExec - Connection can be kept alive for
5000 MILLISECONDS
2013/10/02 14:11:34:909 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection
[id: 0][route: {tls}->http://localhost:8080->https://localhost:80] can be kept alive
for 5.0 seconds
2013/10/02 14:11:34:910 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection
released: [id: 0][route: {tls}->http://localhost:8080->https://localhost:80][total kept
alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2013/10/02 14:11:34:910 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection
manager is shutting down
2013/10/02 14:11:34:910 GMT+01:00 [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0:
Close connection
2013/10/02 14:11:34:911 GMT+01:00 [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0:
Close connection
2013/10/02 14:11:34:911 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection
manager shut down
----------------------------------------
HTTP/1.1 200 OK
Response content length: -1
{noformat}

> https on port 80 over proxy caused the http client to go into an infinite loop
> ------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1406
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1406
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.5
>            Reporter: Jason Webb
>
> Using a proxy configuration of https on port 80 sends the http client into an infinite
loop.  Creating mini dos attack on the proxy server.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message