Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the correct URL format to send to an HTTP proxy server?

When my application requests a particular URL from a server (over https), it gets a 301 Moved Permanently redirection. However the Location header is badly-formed. I see something like this:

> GET https://myserver/url HTTP/1.1
< 301 Moved Permanently
< Location: https://redirectedserverhttp://myserver/url

If I send the request without the host, I get a correctly-formed URL:

> GET /url HTTP/1.1
< 301 Moved Permanently
< Location: https://redirectedserver/url

I am going through a proxy server and according to RFC 2068 section 5.1.2, "The absoluteURI form is required when the request is being made to a proxy" so it looks like I'm doing it the right way but the proxy is responding incorrectly. If I try this through a browser, curl, or wget it works fine. I looked at the wget code and the logic looks like:

if( proxy && !https ) {
    use absoluteURI
} else {
    use relativeURI
}

Wget even has a comment in its source code:

/* When using SSL over proxy, CONNECT establishes a direct
   connection to the HTTPS server.  Therefore use the same
   argument as when talking to the server directly. */

Is this an actual standard defined somewhere? If the absolute URI form is supposed to be used, why do the other tools not use it, and why is it failing?

like image 509
Graeme Perrow Avatar asked Nov 18 '13 14:11

Graeme Perrow


1 Answers

You only send absolute URLs with HTTP. They are useless with HTTPS anyway because the proxy does not see them. It only sees the CONNECT header, everything else is encrypted.

It is not the proxy that responds with an invalid URL, it's the server itself. The proxy cannot see or the response either because it's encrypted as well.

like image 121
n. 1.8e9-where's-my-share m. Avatar answered Oct 16 '22 13:10

n. 1.8e9-where's-my-share m.