Using openSSH, I've created the same tunnel on tigger. And connecting via Netscape Navigator 4.61. I don't see the http: on the URL line.

DEBUG: read HTTP request line: GET /viewLog.html HTTP/1.0 [26] [MSGID0204038]
DEBUG: read HTTP header line: Referer: https://tigger.burtonstrauss.us:8081/Admin.html [56]
DEBUG: read HTTP header line: Connection: Keep-Alive [22]
DEBUG: read HTTP header line: User-Agent: Mozilla/4.61 [en] (WinNT; U) [40]
DEBUG: read HTTP header line: Host: tigger.burtonstrauss.us:8081 [34]
DEBUG: read HTTP header line: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* [75]
DEBUG: read HTTP header line: Accept-Encoding: gzip [21]
DEBUG: read HTTP header line: Accept-Language: en [19]
DEBUG: read HTTP header line: Accept-Charset: iso-8859-1,*,utf-8 [34]
HTTP/I18N_DEBUG: Requested URL = '/viewLog.html', length = -1
HTTP/I18N_DEBUG: User-Agent = 'Mozilla/4.61 [en] (WinNT; U)'

From RFC 1945, 5.1.2 Request-URI

   The Request-URI is a Uniform Resource Identifier (Section 3.2) and
   identifies the resource upon which to apply the request.

       Request-URI = absoluteURI | abs_path

   The two options for Request-URI are dependent on the nature of the
   request.

   The absoluteURI form is only allowed when the request is being made
   to a proxy. The proxy is requested to forward the request and return
   the response. If the request is GET or HEAD and a prior response is
   cached, the proxy may use the cached message if it passes any
   restrictions in the Expires header field. Note that the proxy may
   forward the request on to another proxy or directly to the server
   specified by the absoluteURI. In order to avoid request loops, a
   proxy must be able to recognize all of its server names, including
   any aliases, local variations, and the numeric IP address. An example
   Request-Line would be:

       GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.0

   The most common form of Request-URI is that used to identify a
   resource on an origin server or gateway. In this case, only the
   absolute path of the URI is transmitted (see Section 3.2.1,
   abs_path). For example, a client wishing to retrieve the resource
   above directly from the origin server would create a TCP connection
   to port 80 of the host "www.w3.org" and send the line:

       GET /pub/WWW/TheProject.html HTTP/1.0

   followed by the remainder of the Full-Request. Note that the absolute
   path cannot be empty; if none is present in the original URI, it must
   be given as "/" (the server root).

   The Request-URI is transmitted as an encoded string, where some
   characters may be escaped using the "% HEX HEX" encoding defined by
   RFC 1738 [4]. The origin server must decode the Request-URI in order
   to properly interpret the request.

So, that begs the question if there's a proxy server involved??

Regardless, using WebBug (http://www.cyberspyder.com/) I can fake it... which shows I need to collapse the http: out of the middle, not the start.

Try the attached patch and let me know. If it DOESN'T work, enable the debug lines so we can see the output.

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf
> Of Stanley Hopcroft
> Sent: Monday, January 05, 2004 5:08 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Ntop-dev] PR: Can't access 2.2.98 web server via forwarded
> SSH connection.
>
>
> Dear Sir,
>
> I am writing to thank you for your letter and say,
>
> On Mon, Jan 05, 2004 at 07:25:27AM -0600, Burton M. Strauss III wrote:
> > Yup. It seems that ntop is somehow seeing the http:// as part of the
> > request - normally I thought that gets stripped off and only the uri portion
> > (e.g. tssyd:3000/ is what is seen by checkURLsecurity.
> >
> > In http.c, there's a setting for HTTP_DEBUG - enable it in globals-define.h
> > and look for lines like this:
> >
> > Jan 5 07:11:14 tigger ntop[10168]: HTTP/I18N_DEBUG: Requested URL = '/functions.js', length = -1 [MSGID0630432]
> > Jan 5 07:11:14 tigger ntop[10168]: HTTP/I18N_DEBUG: User-Agent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)' [MSGID1022638]
> > Jan 5 07:11:14 tigger ntop[10168]: I18N_DEBUG: Accept-Language = 'en-us,en;q=0.5' [MSGID8772014]
> > 07:11:39 tigger [Linux] user=ntop pwd=~ $
> >
> > in your log - we need to figure out how the request is being packaged into
> > the tunnel... and what ntop is seeing.
> >
> > I've tested my Linux system and I'm NOT seeing the http:// in the tunneled
> > request, both -w 3000 and -W 3001. But I'm using a 3rd party ssh, not
> > openssh (which version, BTW, is installed on the local host?
>
> Both endpoints of the ssh tunnel (ie origin of the ssh connection and
> the ntop host that receives the ssh connection) are FreeBSD
> 4.9-RELEASE-p1.
>
> Both endpoints use the base OS openssh with version
>
> . ntop host: OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
>
> . tunnel origin: OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
>
> (both systems are upgraded the same way by source from the FreeBSD CVS.
> Every part of the base should be identical.)
>
> > And what version OS, etc. is that system?)
> >
> > There's also a DEBUG line around 265 (which you should manually enable by
> > just deleting the #ifdef and #endif lines):
> >
> > #ifdef DEBUG
> >       traceEvent(CONST_TRACE_INFO, "DEBUG: read HTTP %s line: %s [%d]",
> >                  (numLine>1) ? "header" : "request", lineStr, idxChar);
> > #endif
> >
> > Which reports the actual stuff being pulled from the http request headers.
> >
>
> Jan 6 09:27:19 tssyd ntop[86886]: THREADMGMT: Started thread (141059072) for network packet sniffing on fxp0
> Jan 6 09:27:19 tssyd ntop[86886]: THREADMGMT: rrd thread (137133056) started
> Jan 6 09:27:19 tssyd ntop[86886]: THREADMGMT: web connections thread (86886) started...
> Jan 6 09:27:19 tssyd ntop[86886]: Note: SIGPIPE handler set (ignore)
> Jan 6 09:27:19 tssyd ntop[86886]: THREADMGMT: pcap dispatch thread running...
>
> 1 Request through the tunnel with Nav
>
> Jan 6 09:28:48 tssyd ntop[86886]: HTTP/I18N_DEBUG: Requested URL = 'http://tssyd:3000/', length = -1
> Jan 6 09:28:48 tssyd ntop[86886]: HTTP/I18N_DEBUG: User-Agent = 'Mozilla/4.76 [en] (X11; U; Linux 2.4.2 i386; Nav)'
> Jan 6 09:28:48 tssyd ntop[86886]: **ERROR** URL security: 'http://tssyd:3000/' rejected (code=2)(client=192.168.102.230)
> Jan 6 09:28:57 tssyd ntop[86886]: **ERROR** Rejected request from address 192.168.102.230 (it previously sent ntop a bad request)
> Jan 6 09:29:02 tssyd ntop[86886]: **ERROR** Rejected request from address 192.168.102.230 (it previously sent ntop a bad request)
> Jan 6 09:30:04 tssyd last message repeated 2 times
>
> 2 Direct request (not tunnelled) with Firebird/Moz showing that debug
> messages are being written (direct request works fine)
>
> Jan 6 09:30:50 tssyd ntop[86886]: HTTP/I18N_DEBUG: Requested URL = '/', length = -1
> Jan 6 09:30:50 tssyd ntop[86886]: HTTP/I18N_DEBUG: User-Agent =
> 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5a) Gecko/20030808 >
Mozilla Firebird/0.6.1' > Jan 6 09:30:50 tssyd ntop[86886]: HTTP/I18N_DEBUG: Testing for page > index.html at ./html/index.html > Jan 6 09:30:50 tssyd ntop[86886]: HTTP/I18N_DEBUG: Testing for page > index.html at /usr/local/ntop-2.2.98/share/ntop/html/index.html > Jan 6 09:30:51 tssyd ntop[86886]: HTTP/I18N_DEBUG: Requested URL = > '/style.css', length = -1 > Jan 6 09:30:51 tssyd ntop[86886]: HTTP/I18N_DEBUG: User-Agent = > 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5a) Gecko/20030808 > Mozilla Firebird/0.6.1' > > 3 Firebird via the tunnel > > Jan 6 09:37:22 tssyd ntop[86886]: clearing lockout for address > 192.168.102.230 > Jan 6 09:37:22 tssyd ntop[86886]: HTTP/I18N_DEBUG: Requested URL = > 'http://tssyd:3000/info.html', length = -1 > Jan 6 09:37:22 tssyd ntop[86886]: HTTP/I18N_DEBUG: User-Agent = > 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5a) Gecko/20030808 > Mozilla Firebird/0.6.1' > Jan 6 09:37:22 tssyd ntop[86886]: **ERROR** URL security: > 'http://tssyd:3000/info.html' rejected (code=2)(client=192.168.102.230) > > > A cheesy fix: > > > > } else if(numLine == 1) { > > >>> if(strncmp(lineStr, "http://", 7) == 0) { > memset(&lineStr, ' ', > > 7); } > > >>> if(strncmp(lineStr, "https://", 8) == 0) { > memset(&lineStr, ' ', > > 8); } > > strncpy(httpRequestedURL, lineStr, > > > sizeof(httpRequestedURL)-1)[sizeof(httpRequestedURL)-1] = > > '\0'; > > > > might work... > > Here's what I did > > tssyd> diff -u http.c.orig http.c > --- http.c.orig Tue Jan 6 09:16:57 2004 > +++ http.c Tue Jan 6 09:58:41 2004 
> @@ -267,6 +267,8 @@ > if(errorCode != 0) { > ; /* skip parsing after an error was detected */ > } else if(numLine == 1) { > + if(strncmp(lineStr, "http://", 7) == 0) { memset(&lineStr, ' > ', 7); } > + if(strncmp(lineStr, "https://", 8) == 0) { memset(&lineStr, ' > ', 8); } > strncpy(httpRequestedURL, lineStr, > > sizeof(httpRequestedURL)-1)[sizeof(httpRequestedURL)-1] = '\0'; > > > Unfortunately, the results are the same. > > > > > > > > > > -----Burton > > > > Yours sincerely. > > -- > ------------------------------------------------------------------------ > Stanley Hopcroft > ------------------------------------------------------------------------ > > '...No man is an island, entire of itself; every man is a piece of the > continent, a part of the main. If a clod be washed away by the sea, > Europe is the less, as well as if a promontory were, as well as if a > manor of thy friend's or of thine own were. Any man's death diminishes > me, because I am involved in mankind; and therefore never send to know > for whom the bell tolls; it tolls for thee...' > > from Meditation 17, J Donne. > _______________________________________________ > Ntop-dev mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev >
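Review bot: the two added strncmp() calls compare from the first byte of lineStr, but on line 1 that buffer holds the whole request line (the DEBUG output elsewhere in this thread shows it as "GET /viewLog.html HTTP/1.0"), so it starts with the method and neither test can match, which fits the unchanged result reported. The scheme has to be looked for after the method token, and blanking only "http://" with spaces would still leave host:port (tssyd:3000/ in the logged case) in front of the path; remove everything up to the first '/' after the authority so that an abs_path remains. Separately, memset(&lineStr, ' ', 7) passes the address of the variable, which is the same as lineStr only if lineStr is an array; pass lineStr itself.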
BMS0410-proxyreqfixup.patch
Description: Binary data
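An added example (not the attached patch, whose contents are not shown here, and not ntop code): one way to collapse an absoluteURI that sits in the middle of an RFC 1945 request line down to its abs_path before any URL check runs. The function name and the sample request lines, constructed from the URLs in the logs above, are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical helper, not ntop code. Rewrites in place a request line such as
 * "GET http://host:port/path HTTP/1.0" (absoluteURI form, RFC 1945 5.1.2)
 * to "GET /path HTTP/1.0" (abs_path form). The result is never longer than
 * the input, so no extra buffer space is needed.
 * Returns 1 if rewritten, 0 if left unchanged, -1 if the line is malformed. */
int collapse_absolute_uri(char *line)
{
    char *uri, *path;
    size_t skip;

    uri = strchr(line, ' ');              /* end of the method token */
    if (uri == NULL) return -1;
    while (*uri == ' ') uri++;            /* start of the Request-URI */

    if (strncasecmp(uri, "http://", 7) == 0)       skip = 7;
    else if (strncasecmp(uri, "https://", 8) == 0) skip = 8;
    else return 0;                        /* abs_path already, leave it alone */

    path = uri + skip;
    path += strcspn(path, "/? ");         /* step over host[:port] */
    if (path == uri + skip) return -1;    /* empty authority, e.g. "http:///x" */

    if (*path != '/')                     /* no path given: it must become "/" */
        *uri++ = '/';
    memmove(uri, path, strlen(path) + 1); /* overlapping copy, includes the NUL */
    return 1;
}

int main(void)
{
    /* Constructed request lines, modelled on the URLs in the logs above. */
    char lines[3][64] = {
        "GET http://tssyd:3000/info.html HTTP/1.0",
        "GET https://tigger.burtonstrauss.us:8081 HTTP/1.0",
        "GET /viewLog.html HTTP/1.0",
    };
    for (int i = 0; i < 3; i++) {
        int rc = collapse_absolute_uri(lines[i]);
        printf("%2d  %s\n", rc, lines[i]);
    }
    return 0;
}
```

Running the rewrite before the URL is copied out means a security check only ever sees the abs_path form, whichever form the client sent.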
