[Dillo-dev] Re: HTTPS Proxy Support

Sat, 22 Jun 2024 03:40:05 -0700 

Hi,

On Sat, Jun 22, 2024 at 09:43:00AM +1000, Kevin Koster wrote:

But the proxy approach allows old versions/binaries to keep working
too. If Dillo 3.0.5 had supported it, then the HTTPS issues from
lacking SNI support could have been worked around by running an
'old-style' HTTPS proxy with SNI support on localhost.


A related term seems to be "reverse proxy":

https://en.wikipedia.org/wiki/Reverse_proxy


From the "Fun with Crypto Ancienne" post I understand that you want 
Dillo to get a HTTP or HTTPS URL and always perform a HTTP GET towards 
your proxy, as the Mosaic configuration suggests:



https 127.0.0.1 8765 http

http 127.0.0.1 8765 http 



Other that those old browsers, I don't think you can do this with any 
(relatively) modern tool.


This is what Dillo is currently doing for https and http URLs:

  hop% http_proxy=http://localhost:1234 dillo http://www.google.com
  hop% nc -l 1234
  GET http://www.google.com/ HTTP/1.1
  Host: www.google.com
  User-Agent: Dillo/3.1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  DNT: 1
  Referer: http://www.google.com/
  Connection: keep-alive

  hop% http_proxy=http://localhost:1234 dillo https://www.google.com
  hop% nc -l 1234
  CONNECT www.google.com:443 HTTP/1.1
  Host: www.google.com:443

While for the latter you'll want:

  GET https://www.google.com/ HTTP/1.1
  Host: www.google.com
  User-Agent: Dillo/3.1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  DNT: 1
  Referer: https://www.google.com/
  Connection: keep-alive


You'll need to instruct Dillo to ignore the HTTPS handling and just 
treat it as an HTTP GET request to the proxy (using the HTTPS url), so 
no CONNECT is used.



Sure, or actually I'd suggest using a separate variable/option name
to set that proxy server because using "https_proxy" for both proxy
systems is what's already confused me now with Wget. Something
like "https_endpoint=[hostname]" maybe?



I think I would have to see it implemented to determine what would be a 
good name that prevents users from accidentally misconfiguring it.


Best,
Rodrigo.
_______________________________________________
Dillo-dev mailing list -- dillo-dev@mailman3.com
To unsubscribe send an email to dillo-dev-le...@mailman3.com






















					Reply via email to