I created a GET HTTPMethod with a specified host and port and execute that from Httpclient.executeMethod(). However, by the time the host receive it, the port is truncated from the Host Header in the HTTP request.
The Host header information in the HttpMethod prior to executing is the following:
User-Agent: Me
Host: stackoverflow.com:80
at the time received by the host:
User-Agent: Jakarta Commons-HttpClient/3.1
Host: stackoverflow.com
I have seen posting where I can set the User-Agent in the HTTPClient prior to executing. But, I've tried that with the host via HostConfiguration, and no luck. Anyone has seen this problem before and resolved it such that the host will not change?
This does not happened when I used the other httpclient package, or when I hit different port.
Found the answer: How can I override the "Host" header in the request when using Apache commons HttpClient
Related
I'm running a Tomcat webserver on http port 8080. In front I have an Apache that handles https ssl connections.
How can I know if the client made a request using http:// or https://? Because the following shows http always, because the Apache internally sends only http:8080 requests to the Tomcat of course. So the initial scheme requested is lost here.
HttpServletRequest req;
req.getRequestURL().toString(); // always shows http://....
Apache should add following request headers as explained in mod_proxy docs:
X-Forwarded-For - The IP address of the client.
X-Forwarded-Host - The original host requested by the client in the Host HTTP request header.
X-Forwarded-Server - The hostname of the proxy server.
Additionally X-Forwaded-Proto with the original protocol can be added as explained in this example:
<VirtualHost *:443>
<strong>RequestHeader set X-Forwarded-Proto "https"</strong>
I am making a proxy application for a browser. It has to use only the standard libraries. So far, I've managed to create the server. When trying to access a web page from a client, i get the following information:
CONNECT gmail.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 Firefox/49.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: gmail.com:443
My question is: what to use in order to handle the requests? How to handle a file download?
Once you get that CONNECT command, do what is asked: create the upstream connection, and return the appropriate success/failure response. If the upstream connection was successful, all you have to do now is copy bytes in both directions, simultaneously. The endpoints will take care of all SSL issues, uploads, downloads, etc. You have no further role to play.
The general behaviour of a proxy is as follows:
Receive request from browser
Make a request to the actual server, resolving all redirects if necessary
Get the response from server and passit on to client
I am not getting into complications of changing request/response headers, caching etc.
Now from the above, you are making a SSL connection to gmail.com refer.
The browser is actually sending correct request, in this case you need to implement the handshake and connect to gmail with HTTPS offloading SSL on your side and sending the response received to the browser through the negotiated SSL with the browser.
Suggestion is to use HTTP instead of HTTPS, if this is not a production grader system and try out the concept first
I was able to successfully run the websocket in my local machine with the following apache configuration,
ProxyRequests off
ProxyPreserveHost on
<Location /chat>
ProxyPass ws://localhost:8080/chat
ProxyPassReverse ws://localhost:8080/chat
</Location>
I am using mod_proxy_wstunnel for Apache/2.4.7 (Ubuntu) and using Wildfly 9.0.1. When I moved the deployment to my production server(AWS) with the same configuration mentioned I get following response instead,
WebSocket is already in CLOSING or CLOSED state.
The Weird thing is I was actually able to connect to WebSocket from within the hosted server using wscat,
wscat -c ws://example.com/chat/1/
But, The connection from outside the server/browser results on the response I have stated above. First of all I thought that the issue was probably due to AWS filtering the Hop-by-Hop header i.e removing the Upgrade and Connection header for the websocket request. But, When I created a dummy websocket server using websocketd, I was able to fetch the result through the same URL.
I am not sure if the issue is related to the Wildfly Application server or the Apache Proxy Pass. I too tried using NGINX but I am getting the same response as using Apache. Some of the Stackoverflow post suggested on disabling the mod_reqtimeout which I have done.
The Websocket request successfully triggers #OnOpen event of Websocket and immediately closes without any significant log. Following lines of code results on 1006 which is CLOSED_ABNORMALLY.
#OnClose
public void close(Session session, CloseReason c) {
logger.info("Closing:" + c.getCloseCode());
}
Here is the Request/Response Log from Chrome Dev Tool,
General
Request URL:ws://example.com/chat/3
Request Method:GET
Status Code:101 Switching Protocols
Response Headers
Connection:Upgrade
Content-Length:0
Date:Fri, 13 May 2016 13:09:11 GMT
Origin:http://example.com
Sec-WebSocket-Accept:pPjTLv5Dz+/vyjY/SkeMihaXDd0=
Sec-WebSocket-Location:ws://example.com/chat/3
Server:WildFly/9
Upgrade:WebSocket
X-Powered-By:Undertow/1
Request Headers
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Cookie:mp_c4f10660603c33a8e9307b70e6767539_mixpanel=%7B%22distinct_id%22%3A%20%2215210855b11180-0ffdda567-1821170c-d37aa-15210855b123f2%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D; mf_user=a60cd2cdcfc41836645d949f71ee3127; intercom-id=d1af89ac-9d55-4fef-8a17-3848d8ef0fce; wooTracker=VQf16pMBx4Pu; _ga=GA1.2.544774749.1447732319; JSESSIONID=z4a1hBpQJQz4YCsLivHRRFf8b0dzYzBsT_4PLadB.ip-172-30-0-20; mf_154095de-56ef-4099-9976-f9a298cf0677=8438220eda64d856436d798ca0b9188a|05132367e34aabbf7bcce5b1e8811235b0bd15d4|1463144963483||19|
Host:example.com
Origin:http://example.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:94OH1SxHvszgJO6Rg31WGA==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Please let me know if you have any ideas/suggestions regarding the subject matter.
We found a possible problem in the websocket communication between client and server: Kaspersky, and their corporative firewall.
If we disable the firewall the websocket works (websocketstest is our friend!). But this workaround it isn't a good solution, because our security guys will not be happy :).
Other problem could be the correct configuration in Apache (your configuration looks correct):
ProxyRequests off
ProxyPreserveHost on
Our approach is a secure websocket. We coded a websocket test over TLS using the echo server in the website (http://www.websocket.org/echo.html) and it worked!!!.
I have service which works like a proxy, you can get web pages through it. For example via telnet
GET http://example.com HTTP/1.1
Host: example.com
But if I want download https page I should do the following
GET https://example.com HTTP/1.1
Host: example.com
Https-Header: true
And I want to write scala client for this service using apache http client, using service like a proxy host.
private val DefaultProxy = new HttpHost("service host", port)
private val DefaultClient =
HttpClientBuilder.create().
setProxy(DefaultProxy).
build()
I can successfully download http pages, but when I try to download https pages, apache client makes CONNECT request to the proxy, and it response with error, cause service can operate only with GET requests.
How can I make apache client work with https pages like with http, that's mean send GET request to proxy, not CONNECT?
To download an https webpage in the same way than an http one with telnet you need to establish the ssl/tls connection first:
openssl s_client -connect www.somesite:443
[watch the ssl certificate details scroll by]
GET /index.html HTTP/1.1
Host: www.somesite
Example from https://www.bearfruit.org/2008/04/17/telnet-for-testing-ssl-https-websites/
For scala maybe that can help you : https://github.com/scalaj/scalaj-http
HTTPS is HTTP over SSL/TLS so you need something to establish the SSL/TLS secure tunnel to the website, then you can send your HTTP request.
I find out a solution.
I write custom HttpRoutePlanner which always provide not secure route, and then Apache client work with https link like with http link, there is a HttpRoutePlanner code
private def routePlanner(proxy: HttpHost) = new HttpRoutePlanner() {
def determineRoute(target: HttpHost ,
request: HttpRequest,
context: HttpContext) = {
new HttpRoute(target, null, proxy, false)
}
}
I am trying to establish a connection to Red5 server through RTMPT. I am using the Red5 client jar red5-client-1.0.jar. While trying to connect, the following are successful.
POST /open/1 HTTP/1.1
POST /send/DMPDQNDRFPCCV/1 HTTP/1.1
POST /idle/DMPDQNDRFPCCV/2 HTTP/1.1
POST /idle/DMPDQNDRFPCCV/3 HTTP/1.1
After this, when the client sends
POST /idle/DMPDQNDRFPCCV/4 HTTP/1.1
I get the following error on the client side:
"Idle: unknown client session: DMPDQNDRFPCCV"
What is the cause of this error? Is there any configuration to do in Red5. I have done all the necessary configurations to enable RTMPT as in http://gregoire.org/2009/01/28/rtmpt-and-red5/
The unknown client message indicates that the session has been removed from the connection manager for some reason. I would suggest turning up the log levels and watching the console for more information.