trafficserver-users mailing list archives

From salil GK <gksa...@gmail.com>
Subject Re: Help for forward proxy configuration
Date Mon, 13 Mar 2017 02:50:43 GMT

Any help on this would be really great.

I have my setup as follows.

Client machine -> ATS 1 as forward proxy -> ATS 2 as a forward proxy -> Origin server

I am doing proxy chaining. ATS 2 is configured as the parent proxy, and there
is an SSH tunnel between ATS1 and ATS2.

When I send an http request from my client, everything works perfectly and
the client gets the requested content.

But when I send an *https* request from my client, ATS1 sends back 403 Access
denied.

I guess we need to make some settings for ATS to forward the CONNECT method.

Can I get some help on configuring ATS to allow *https* requests to be
forwarded?

If I need to upload the origin server certificate in ATS, that is also
possible.

I don't need to make this setup as an open proxy. Only designated origin
server will be supported.

Thanks in advance
~S



On 9 March 2017 at 04:44, salil GK <gksalil@gmail.com> wrote:

> Thanks, James, for pitching in.
>
> So the point is I want to get an https request delivered to the origin
> server through my proxy. Now it is being dropped, I guess. How do I get it
> done?
>
> Thanks in advance
> ~S
>
> On 8 March 2017 at 22:34, James Peach <jamespeach@me.com> wrote:
>
>>
>> > On Mar 8, 2017, at 2:48 AM, salil GK <gksalil@gmail.com> wrote:
>> >
>> > Basically, while analysing the traffic, what I observed is that when I access an http site the http header comes as
>> >
>> >  ^MHTTPMSG:^M|GET http://10.106.251.95/ HTTP/1.1^MHost: 10.106.251.95^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0^MAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8^MAccept-Language: en-US,en;q=0.5^MAccept-Encoding: gzip^MCookie:<CONCEALED>^MConnection: keep-alive^MUpgrade-Insecure-Requests: 1^M^M|^M
>> >
>> >
>> >
>> > whereas for https access the http header comes as
>> >
>> > ^MHTTPMSG:^M|CONNECT 10.106.251.95:443 HTTP/1.1^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0^MProxy-Connection: keep-alive^MConnection: keep-alive^MHost: 10.106.251.95:443^M^M|^M
>> >
>> > and servers return
>> > Msg="HTTP/1.1 403 Access Denied"
>> >
>> > back to browser
>> >
>> > How do I configure ATS to pass https requests to the origin server?
>>
>> This is a user agent behavior. When user agents make an HTTPS request
>> through a proxy they will use the CONNECT method to establish an end-to-end
>> secure tunnel to the origin.
>>
>> >
>> > Thanks in advance
>> > ~S
>> >
>> > On 8 March 2017 at 14:40, salil GK <gksalil@gmail.com> wrote:
>> > Hello
>> >
>> > We were trying to set up a forward proxy. I have my remap entry as below.
>> >
>> >
>> >
>> > >>
>> >
>> > regex_map http://(.{3,1023})/ http://$1/ @plugin=ts_httpallow_remap_plugin.so @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy
>> >
>> > <<
>> >
>> >
>> >
>> > Httpallow_remap_plugin is used for filtering the origin server.
>> >
>> > If I access an external http site using this server as a proxy, everything works.
>> >
>> >
>> >
>> > >>
>> >
>> > regex_map https://(.{3,1023})/ https://$1/ @plugin=ts_httpallow_remap_plugin.so @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy
>> >
>> > <<
>> >
>> >
>> >
>> >
>> > When I access an https site using this server as my proxy server, it doesn’t work. Also, the control doesn’t reach httpallow_remap_plugin. It always shows access denied.
>> >
>> >
>> >
>> > What could be the problem?
>> >
>> >
>> >
>> > Thanks in advance
>> >
>> > ~S
>> >
>> >
>>
>>
>
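
The two captures quoted in this thread differ in request-target form: the GET carries an absolute URL, while the CONNECT carries only host:port with no scheme or path. The following is an added example, not part of the original message and not ATS code, that parses both forms and applies a designated-origin allowlist so the proxy is not open; the allowlist contents, the function names and the returned status codes are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed from the two captures quoted in the thread (^M there is a CR).
HTTP_CAPTURE = "GET http://10.106.251.95/ HTTP/1.1\rHost: 10.106.251.95\r\r"
HTTPS_CAPTURE = ("CONNECT 10.106.251.95:443 HTTP/1.1\r"
                 "Proxy-Connection: keep-alive\rHost: 10.106.251.95:443\r\r")

# Assumed policy: the designated origins, as (host, port) pairs.
ALLOWED_ORIGINS = {("10.106.251.95", 80), ("10.106.251.95", 443)}

# host:port, where host is a name, an IPv4 literal or a bracketed IPv6 literal
AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$")


def parse_target(capture):
    """Return (method, form, host, port) from the request line of a capture."""
    request_line = re.split(r"[\r\n]+", capture.strip())[0]
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    if method == "CONNECT":
        # authority-form: host:port only, so there is no scheme to match on
        m = AUTHORITY.match(target)
        if not m or not 0 < int(m.group(2)) <= 65535:
            raise ValueError("CONNECT target must be host:port")
        host = m.group(1).strip("[]").lower()
        return method, "authority-form", host, int(m.group(2))
    url = urlsplit(target)
    if url.scheme not in ("http", "https") or not url.hostname:
        raise ValueError("forward proxy expects an absolute-form target")
    port = url.port or (443 if url.scheme == "https" else 80)
    return method, "absolute-form", url.hostname, port


def proxy_decision(capture, allowed=ALLOWED_ORIGINS):
    """Status a non-open forward proxy would return for this request."""
    try:
        _method, _form, host, port = parse_target(capture)
    except ValueError:
        return 400
    # Both host and port must match, so a tunnel to another port is refused.
    return 200 if (host, port) in allowed else 403
```
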
