Reverse Proxy for WebSocket rewrite from wss to ws - websocket

I set up a reverse proxy in front of a 3rd party server that does not support https or wss. So the purpose of the reverse proxy is to rewrite the https and wss requests to http and ws on the 3rd party server.
I am using Azure App Service as the reverse proxy. The https:// to http:// rewrite is good. But I am not sure how to rewrite wss:// to ws://. Can anyone show me how to rewrite wss to ws?
For example:
ws://example.com/ws => wss://oldserver.com:1234/ws

Related

Proxying from transparent proxy to HTTP Connect proxy

Our environment requires that all requests to the public internet go through a proxy that uses HTTP tunneling (HTTP Connect). I have a service from a vendor that is not able to use an HTTP Connect proxy.
My plan is to set up a transparent proxy that the service can send traffic to, which will redirect traffic to the HTTP Connect proxy.
service -> transparent proxy -> http connect proxy -> public internet
Is it possible to redirect this traffic without decrypting and re-encrypting the HTTPS request? I won't be able to install any custom certs on the initial service to allow this (and I don't want to view the contents of the HTTP messages anyway). Also, are there any proxies that are made specifically to do this, or will I need to write my own?

Transport Proxy

I need to put a web proxy in place to log user activity at work after a recent incident. My first thought was Squid proxy but after some research it seems that https requests are a total nightmare. These days more sites are https than http so I need to log both. Can anyone recommend a proxy server or otherwise to pass all http and https requests through to log?
Thanks
Squid can very well handle HTTP as well as HTTPS traffic. How you should configure Squid depends on how you want to configure the clients (I mean browsers).
In general, the Squid proxy server can be configured to listen for both HTTP and HTTPS traffic on a specific port (by default 3128 for Squid), and clients can be configured manually or using DHCP Option 252 + WPAD (Web Proxy Auto-Discovery Protocol).
Alternatively, Squid can be configured in transparent mode, intercepting the traffic on your network; in this case Squid will listen on different ports for HTTP and HTTPS traffic.
Shahnawaz

Sinatra + HTTPS redirect to HTTP?

Is it possible to have a Sinatra web server detect an HTTPS:// connection and redirect it to an HTTP:// connection with the same URL, and not have to deal with SSL certificates? I tried stunnel to redirect but it's asking for a cert.
With HTTPS, the first thing a browser does is to create a secure connection to the web server. For this, it requires a valid server certificate. Before the secure connection is established, you cannot perform any HTTP redirect yet.
Thus, to be able to perform any redirects from https to http, you need to have a valid SSL certificate on the server. And in that case, you should really think about having SSL enabled for all content anyway.

handle CONNECT requests in a websocket server

My websocket server listens on port 8080 with no proxy.
Most of the time I'm getting requests with the Upgrade Websocket header and it works fine.
Sometimes I'm getting HTTP CONNECT requests.
Is this a valid request?
Does it mean that there is a proxy server between the client and the server?
How is my server supposed to respond to the CONNECT request?
Thanks
You are getting CONNECT requests because you are likely to have configured your browser to use a proxy. If you directed your browser to use port 8080 on your local IP address, it will assume there is a proxy and that means when you ask for a secure connection, the browser leads with CONNECT.
You will need to add support for SSL/TLS tunnelling to your server to deal with this.
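An added example (not part of the original answer) of how a WebSocket-only listener can tell the two request types apart: it completes the RFC 6455 handshake for an Upgrade request and refuses CONNECT instead of tunnelling. The function names, the 405/426 response policy and the sample requests are assumptions made for illustration.

```python
import base64
import hashlib

# GUID fixed by RFC 6455 for computing Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def parse_head(raw: bytes):
    """Split a raw HTTP request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def respond(raw: bytes) -> bytes:
    """Return the response head for a WebSocket-only listener (hypothetical policy)."""
    try:
        method, target, headers = parse_head(raw)
    except ValueError:
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    if method == "CONNECT":
        # Assumption: this listener is not meant to be a proxy, so it refuses to tunnel.
        return b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET\r\nConnection: close\r\n\r\n"
    upgrade = headers.get("upgrade", "").lower()
    conn_tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    key = headers.get("sec-websocket-key")
    if method == "GET" and upgrade == "websocket" and "upgrade" in conn_tokens and key:
        accept = base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()
        return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
                "Connection: Upgrade\r\nSec-WebSocket-Accept: " + accept + "\r\n\r\n").encode()
    return b"HTTP/1.1 426 Upgrade Required\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n"


# Constructed sample requests (not captured traffic).
SAMPLE_UPGRADE = (b"GET /ws HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\n"
                  b"Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                  b"Sec-WebSocket-Version: 13\r\n\r\n")
SAMPLE_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_UPGRADE, SAMPLE_CONNECT):
        print(respond(sample).decode().splitlines()[0])
```

A listener that did tunnel CONNECT to whatever host the client names would act as an open proxy, so refusing is the safe default unless tunnelling is an intended feature.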

https vs ssl- when to use what

Is https different from http with ssl? If so, when should one use https and when ssl?
HTTPS is a transfer protocol on the web and it uses SSL in its underlying (socket) layer. It's possible for HTTPS to use other technologies for achieving security for transferring HTTP traffic in the future.
SSL is a way of securing data transfer at the socket layer. It could be used for other purposes (i.e. FTPS).
Nope. HTTPS is HTTP over SSL.
