Why our server receives CONNECT method requests from our android app while we don't use it in our code?

Question

Some users complained about network issues. Our android app communicates to our server through https.

Our Apache logs showed responses with the status; "405 Method not allowed (CONNECT)", this problem was only reproduced on specific IP addresses.

I don't understand why the android app is trying to reach the server with a CONNECT method, I never use this method in the app, I use only GET, POST or PUT.

It seems a proxy may be involved in that problem, but I have no idea how to solve it. Does anyone know ?

Answer 1

Looking at the wiki for http connect

A variation of HTTP tunneling when behind an HTTP Proxy Server is to use the "CONNECT" HTTP method.[1][2]

Not to point out the obvious, but enabling the connect method in Apache seams like the answer. Easier than asking the customers to remove their proxy servers.

Answer 2

You need to provide support for the CONNECT HTTP method, which is commonly used to tunnel SSL requests through proxy servers. Thats why you are receiving them, some users are behind a proxy.

In Apache, to enable handling CONNECT requests, mod_proxy and mod_proxy_connect have to be present in the server.

The problem is that you need to secure your server, which will probably defeat the purpose of you app.

DON'T enable mod_proxy and mod_proxy_connect if you have not secured your server.