go-any-proxy icon indicating copy to clipboard operation
go-any-proxy copied to clipboard

Published 20 hours ago verified publisher icon ryanchapman

CONNECT always results in: HTTP/1.1 403 URLBlocked

Open pandel opened this issue 2 years ago • 3 comments

Hi!

I tried to use any_proxy in combination with wget (just for testing purpose), to redirect a simple HTTPS web request, but it always results in this (data anonymized):

2022/08/08 19:04:45 any_proxy.go:584: : DEBUG : Enter handleProxyConnection: clientConn=&{conn:{fd:0xc00008b000}} (*net.TCPConn)
2022/08/08 19:04:45 any_proxy.go:115: : DEBUG : lookup(): CACHE_MISS
2022/08/08 19:04:45 any_proxy.go:623: : DEBUG : PROXY|10.XX.XX.250:52728->10.XX.XX.15:8080->pd9535add.dip0.dest.adr.net.:443|Connected to proxy
2022/08/08 19:04:45 any_proxy.go:630: : DEBUG : SNI-PARSING|10.XX.XX.250:52728 via 10.XX.XX.15:8080 for req.url.com on destination pd9535add.dip0.dest.adr.net.:443
2022/08/08 19:04:45 any_proxy.go:637: : DEBUG : PROXY|10.XX.XX.250:52728->10.XX.XX.15:8080->pd9535add.dip0.dest.adr.net.:443|Sending to proxy: "CONNECT req.url.com:443 HTTP/1.1\r\nProxy-Authorization: Basic eWkwBLABLABLABLAODEwNg==\r\nX-Forwarded-For: 10.XX.XX.250\r\n\r\n"
2022/08/08 19:04:45 any_proxy.go:644: : DEBUG : PROXY|10.XX.XX.250:52728->10.XX.XX.15:8080->pd9535add.dip0.dest.adr.net.:443|Received from proxy: "HTTP/1.1 403 URLBlocked\r\n"
2022/08/08 19:04:45 any_proxy.go:665: : INFO : PROXY|10.XX.XX.250:52728->10.XX.XX.15:8080->pd9535add.dip0.dest.adr.net.:443|ERR: Proxy response to CONNECT was: "HTTP/1.1 403 URLBlocked\r\n". Trying next proxy.
2022/08/08 19:04:45 any_proxy.go:680: : INFO : PROXY|10.XX.XX.250:52728->UNAVAILABLE->pd9535add.dip0.dest.adr.net.:443|ERR: Tried all proxies, but could not establish connection. Giving up.

If I simply set the https_proxy environment variable and do not use any_proxy, everything works as expected - but that is not possible with the program I want to use any_proxy for... as I said, wget is for testing purpose only.

I am wondering what any_proxy is doing differently.

Regards, Holger

pandel avatar Aug 08 '22 17:08 pandel

Hi Holger,

It looks like the upstream proxy is blocking the request?

HTTP/1.1 403 URLBlocked

ryanchapman avatar Aug 08 '22 19:08 ryanchapman

:D THAT is only the case, if I use any_proxy instead of the normal https_proxy environment variable, as I already said...

pandel avatar Aug 08 '22 20:08 pandel

Based on what I see in the debug logs, any_proxy is sending in a Proxy-Authentication header.

For the test with https_proxy are you also setting a username and/or password? If I remember correctly, that is done with something like https_proxy=https://USERNAME:[email protected]:443

A packet capture with the https_proxy test would be helpful, but is difficult to pull off because of the encryption. You need to use tshark along with non Diffie-Hellman ciphers.

ryanchapman avatar Aug 10 '22 21:08 ryanchapman

Going to close this for now. Feel free to re-open if needed.

ryanchapman avatar Nov 06 '22 00:11 ryanchapman