<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.3">
</HEAD>
<BODY>
Hello Dmitry,<BR>
<BR>
The patch worked fine for me. Thanks for this. I'll continue to test and if it uncovers anything unusual I'll let you know.<BR>
<BR>
Thanks for your help and prompt fix.<BR>
<BR>
Regards,<BR>
<BR>
Mohammed Rakhada<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: Dmitry Kurochkin <<A HREF="mailto:Dmitry%20Kurochkin%20%3cdmitry.kurochkin@measurement-factory.com%3e">dmitry.kurochkin@measurement-factory.com</A>><BR>
<B>To</B>: <A HREF="mailto:morakhad@cisco.com">morakhad@cisco.com</A>, users <<A HREF="mailto:users%20%3cusers@web-polygraph.org%3e">users@web-polygraph.org</A>><BR>
<B>Subject</B>: Re: Problems with SSL via Proxy<BR>
<B>Date</B>: Thu, 22 Sep 2011 13:40:11 +0400<BR>
<BR>
<PRE>
Hi Mohammed.
On Wed, 21 Sep 2011 20:45:48 +0100, Mohammed Rakhada <<A HREF="mailto:morakhad@cisco.com">morakhad@cisco.com</A>> wrote:
> Hello,
>
> I am having trouble trying to use Web Polygraph with a Proxy.
>
> I seem to have tracked it down to Web Polygraph not sending a Host
> Header with the request and so the Proxy rejects the connections.
>
> I have captured the network traffic during this to see what is happening
> and I can see that for a request sent from my browser the Host Header is
> sent but not when a request comes from Web Polygraph.
>
This is a bug indeed. Polygraph never sends Host header in CONNECT
requests, though RFC 2616 requires client to send Host header in any
HTTP/1.1 request. Apparently, many proxies ignore the missing Host
header and use the URI.
Please try the attached patch and let me know if it helps.
Regards,
Dmitry
> >From Web Polygraph to Proxy:
>
> CONNECT 192.168.29.104:443 HTTP/1.1
> Proxy-Connection: close
>
> >From Browser to Proxy:
>
> CONNECT 192.168.29.104:443 HTTP/1.1
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.22)
> Gecko/20110905 Ubuntu/10.04 (lucid) Firefox/3.6.22
> Proxy-Connection: keep-alive
> Host: 192.168.29.104
>
> Here is an extract from my polygraph.pg file so you can see what I am
> trying to do. Is there some configuration missing? Been stuck on this
> problem for a while, originally had a problem trying to jsut run basic
> SSL tests. When going direct from Client to Server (no proxy involved),
> web-polygraph runs fine. If you require any further information please
> do let me know.
>
> I am running v 4.4.0.
>
> SslWrap wrap = {
> protocols = [ "SSLv3", "TLSv1" ];
> root_certificate = "/opt/home/user/CA-priv+pub.pem";
> ciphers = [ "ALL:HIGH: !SSLv2: !aNULL: !AES128-SHA: !AES256-SHA:":
> 100% ];
> rsa_key_sizes = [ 512bit, 1024bit, 2048bit ];
> ssl_config_file = "/opt/home/user/myssl.conf";
> session_resumption = 40%;
> session_cache = 100;
> };
>
>
> DnsResolver dr = {
> servers = [ '127.0.0.1:53' ];
> timeout = 5sec;
> };
>
>
> Server PlainServer = {
> kind = "HTTP";
> contents = [ cntJPG: 26%, cntGIF: 28%, cntPNG: 9%, cntPDF:
> 0.05%, cntZIP: 0.22%, cntMalware, cntEXE: 0.43%, cntSWF: 1.9%,
> cntJavascript: 32% ];
> direct_access = contents;
> addresses = [ '192.168.29.104:8080' , '192.168.29.104:80' ];
> };
>
> Server SSL = PlainServer;
>
> SSL = {
> kind = "HTTPS";
> addresses = [ '192.168.29.104:443' ];
> ssl_wraps = [ wrap ];
> };
>
> Robot R = {
> kind = "robot";
> pop_model = { pop_distr = popUnif(); };
> recurrence = 15% ;
> req_rate = 1/sec;
> ssl_wraps = [ wrap ];
> origins = [ PlainServer.addresses, SSL.addresses ];
> http_proxies = [ '192.168.111.42:8080' ];
> addresses = [ '192.168.29.101' ** 200 , '192.168.29.103' ** 5 ,
> '192.168.29.105' ** 2 , '192.168.29.107' ** 200, '192.168.29.109' **
> 200 , '192.168.29.111' ** 200 , '192.168.29.113' ** 200 ,
> '192.168.29.115' ** 200 ];
> };
>
> use (hostnames);
> use (SSL,PlainServer,R);
>
> _______________________________________________
> Users mailing list
> <A HREF="mailto:Users@web-polygraph.org">Users@web-polygraph.org</A>
> <A HREF="http://www.web-polygraph.org/mailman/listinfo/users">http://www.web-polygraph.org/mailman/listinfo/users</A>
</PRE>
<TABLE CELLSPACING="0" CELLPADDING="0" BORDER="1">
<TR>
<TD>
<FONT SIZE="2">differences between files attachment (http-connect-host-header-v4.4.0.patch)</FONT>
</TD>
</TR>
</TABLE>
<PRE>
http-connect-host-header-v4.4.0.patch - patch for Web Polygraph v4.4.0
Send Host header in HTTP CONNECT requests.
Per RFC 2616, a client MUST include a Host header field in all
HTTP/1.1 request messages. Before the change, Polygraph did not
send Host header in CONNECT requests.
diff --git src/client/HttpCltXact.cc src/client/HttpCltXact.cc
index 018389f..76ec454 100644
--- src/client/HttpCltXact.cc
+++ src/client/HttpCltXact.cc
@@ -344,40 +344,45 @@ bool HttpCltXact::controlledPostWrite(Size &size, bool &needMore) {
return true;
}
void HttpCltXact::makeReq(WrBuf &buf) {
ofixedstream os(buf.space(), buf.spaceSize());
if (theState == stConnWaiting) {
if (theOid.connect())
makeConnectReq(os);
else
makeExplicitReq(os);
newState(stSpaceWaiting);
}
}
// make a CONNECT request
void HttpCltXact::makeConnectReq(ostream &os) {
os << rlpConnect;
Oid2UrlHost(theOid, true, os);
makeReqVersion(os);
+
+ os << hfpHost;
+ Oid2UrlHost(theOid, true, os);
+ os << crlf;
+
makeHopByHopHdrs(os);
static int reqCount = 0;
finishReqHdrs(os, !reqCount++);
// no body for CONNECT requests
theReqOid.type(TheBodilessContentId);
}
// make a non-CONNECT request
void HttpCltXact::makeExplicitReq(ostream &os) {
Assert(the100ContinueState == csNone);
Assert(!theReqContentCfg);
Assert(!theBodyIter);
// decide whether the request should have a body
if (theOid.post() || theOid.put()) {
theReqSize.expectedBody(true);
theReqContentCfg = theOwner->selectReqContent(theOid, theReqOid);
theBodyIter = theReqContentCfg->getBodyIter(theReqOid);
theBodyIter->start(&theConn->theWrBuf);
</PRE>
<BR>
</BODY>
</HTML>