Any help on this would be really great. I have my setup as follows.

Client machine -> ATS 1 as forward proxy -> ATS 2 as a forward proxy -> Origin server

I am doing proxy chaining. ATS 2 is configured as parent proxy, and there is an ssh tunnel between ATS1 and ATS2. When I send an http request from my client everything works perfectly and the client gets the requested content. But when I send an *https* request from my client, ATS1 sends back 403 Access denied. I guess we need to make some settings for ATS to forward the CONNECT method. Can I get some help on configuring ATS to allow *https* requests to be forwarded? If I need to upload the origin server certificate in ATS, that is also possible. I don't need to make this setup an open proxy. Only the designated origin server will be supported.

Thanks in advance
~S

On 9 March 2017 at 04:44, salil GK <[email protected]> wrote:

> Thanks James for pitching in.
>
> So the point is I want to get a https request delivered to the origin
> server through my proxy. Now it is being dropped I guess. How do I get it
> done?
>
> Thanks in advance
> ~S
>
> On 8 March 2017 at 22:34, James Peach <[email protected]> wrote:
>
>>
>> > On Mar 8, 2017, at 2:48 AM, salil GK <[email protected]> wrote:
>> >
>> > Basically while analysing the traffic, what I observed is when I access an http site the http header comes as
>> >
>> > ^MHTTPMSG:^M|GET http://10.106.251.95/ HTTP/1.1^MHost: 10.106.251.95^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0^MAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8^MAccept-Language: en-US,en;q=0.5^MAccept-Encoding: gzip^MCookie:<CONCEALED>^MConnection: keep-alive^MUpgrade-Insecure-Requests: 1^M^M|^M
>> >
>> > whereas for https access the http header comes as
>> >
>> > ^MHTTPMSG:^M|CONNECT 10.106.251.95:443 HTTP/1.1^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0^MProxy-Connection: keep-alive^MConnection: keep-alive^MHost: 10.106.251.95:443^M^M|^M
>> >
>> > and servers return
>> > Msg="HTTP/1.1 403 Access Denied"
>> >
>> > back to browser
>> >
>> > How do I configure ATS to pass https request to the origin server ?
>>
>> This is a user agent behavior. When user agents make a HTTPS request
>> through a proxy they will use the CONNECT method to establish an end-to-end
>> secure tunnel to the origin.
>>
>> >
>> > Thanks in advance
>> > ~S
>> >
>> > On 8 March 2017 at 14:40, salil GK <[email protected]> wrote:
>> > Hello
>> >
>> > We were trying to set up a forward proxy. I have my remap entry as below.
>> >
>> >>
>> >
>> > regex_map http://(.{3,1023})/ http://$1/ @plugin=ts_httpallow_remap_plugin.so @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy
>> >
>> > <<
>> >
>> > Httpallow_remap_plugin is used for filtering the origin server.
>> >
>> > If I access an external http site using this server as a proxy, everything works.
>> >
>> >>
>> >
>> > regex_map https://(.{3,1023})/ https://$1/ @plugin=ts_httpallow_remap_plugin.so @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy
>> >
>> > <<
>> >
>> > When I access an https site using this server as my proxy server, it doesn’t work. Also, the control doesn’t reach httpallow_remap_plugin. It always shows access denied.
>> >
>> > What could be the problem ?
>> >
>> > Thanks in advance
>> >
>> > ~S
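
As an added illustration of the two request shapes captured in the thread (not part of the original messages and not ATS code): a CONNECT request carries only `host:port`, with no scheme or path, so a forward proxy limited to designated origins has to decide on that pair alone. The allowlist format and function names below are assumptions made for this example.

```python
import ipaddress

# Assumption: designated origins as (host, port) pairs. This is not the format
# of the thread's httpallowlist.txt, which the page does not show.
ALLOWED_TUNNELS = {("10.106.251.95", 443)}


def parse_connect_target(target):
    """Split an authority-form request-target (host:port) into (host, port)."""
    host, sep, port = target.rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        raise ValueError("CONNECT target must be host:port")
    if host.startswith("[") and host.endswith("]"):
        host = str(ipaddress.ip_address(host[1:-1]))  # bracketed IPv6 literal
    elif ":" in host:
        raise ValueError("IPv6 literals must be bracketed")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return host.lower(), int(port)


def decide(request_line):
    """Return (request-target form, verdict) for one proxy request line."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("malformed", "reject")
    method, target, _version = parts
    if method == "CONNECT":
        try:
            origin = parse_connect_target(target)
        except ValueError:
            return ("malformed", "reject")
        # Only host and port are visible here: everything after the tunnel is
        # established is TLS between the client and the origin.
        return ("authority-form", "tunnel" if origin in ALLOWED_TUNNELS else "deny")
    if target.lower().startswith(("http://", "https://")):
        return ("absolute-form", "apply-url-rules")
    return ("other", "reject")  # not a forward-proxy style request


if __name__ == "__main__":
    samples = [
        "GET http://10.106.251.95/ HTTP/1.1",      # from the thread's capture
        "CONNECT 10.106.251.95:443 HTTP/1.1",      # from the thread's capture
        "CONNECT 10.106.251.95:22 HTTP/1.1",       # constructed: wrong port
        "CONNECT other.example:443 HTTP/1.1",      # constructed: wrong host
    ]
    for line in samples:
        print(f"{line!r:45} -> {decide(line)}")
```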
