redsocks icon indicating copy to clipboard operation
redsocks copied to clipboard
verified publisher icon darkk

fix handle proxy request in http relay

Open V-E-O opened this issue 11 years ago • 2 comments

if client requests with absolute uri: GET http://www.github.com HTTP/1.1 Host: www.github.com

tcp-relay will redirect it as: GET http://http://www.github.com HTTP/1.1 Host: www.github.com

V-E-O avatar Dec 15 '14 10:12 V-E-O

https://tools.ietf.org/html/rfc2616#section-5.1.2

5.1.2 Request-URI

The Request-URI is a Uniform Resource Identifier (section 3.2) and identifies the resource upon which to apply the request.

   Request-URI    = "*" | absoluteURI | abs_path | authority

V-E-O avatar Mar 10 '16 17:03 V-E-O

That's correct, but IMHO http-relay should be avoided as it's can of bugs. Why do you use it?

  • it does not support keep-alive (it modifies only the first request)
  • it is workaround for HTTP/1.0 client that does not send any Host header
  • it is vulnerable to CVE-2009-0801 as original destination IP address is lost, upstream proxy does not know it, and it has to trust Host header that can be manipulated

darkk avatar Apr 04 '16 09:04 darkk