I want connection to a websocket server wss://fm.missevan.com:3016/ws。i use online websocket tool http://www.websocket-test.com to do it, but in edge browser, it's response is ok and in chrome ,the response is 403 forbidden.
Actually, i use GO language to connection wss://fm.missevan.com:3016/ws,I tried many websocket library but all failed.
I checked the request header of connected browser, there are no special fields. so who can analyze the reason of this, thanks
Related
I want to block some sites with my proxy by responding with 403. I succeeded with responding in such a way in an HTTP proxy, but when I get the CONNECT method, I respond with:
HTTP/1.1 403 Forbidden
Status: 403 Forbidden
Proxy-agent: smth
Connection: close
But users still get the ERR_TUNNEL_CONNECTION_FAILED. What can I do to provide users with a nice 403 error?
RFC 2817 does not disallow 4xx codes, and the Draft has the section "4. Extensibility" that states that
"The tunneling handshake is freely extensible using the HTTP/1.x headers;"
But it looks like all browsers decided to just ignore almost every non-2xx codes for security reasons.
Here are some bugs reports:
https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/dd565641(v=vs.85)
Internet Explorer 8 has a feature that ensures that the secure connection is made all the way to the target server. If it isn't, then no page is displayed.
https://bugzilla.mozilla.org/show_bug.cgi?id=479880
I realize that I'm way late to the party here, but [...] this fix is terrible for proxy admins (myself included). Our proxy returns a 403 forbidden for filtered SSL content and an error page about why the content is blocked, and Firefox just drops all of it on the floor
https://bugs.chromium.org/p/chromium/issues/detail?id=7338
So that's the way it is.
I have one question. Recently i have get link from my streaming server to play in my website. My streaming server use http link but my website use https ssl. During i get the link to play it cannot get content from my streaming server by show the following error:
enter image description here
I am looking forward to hearing from all of you soon.
Thanks in advance.
Best Regards,
Chhenghong
This error happens because you cannot access HTTP resource from HTTPS page, for security consideration. It is the browser behaviour.
To fix this issue, a proxy endpoint can be made in server side, such as /proxy/playlist.m3u8, which accept HTTP GET request. The browser will fetch the resource from https://<your-server>/proxy/playlist.m3u8, as if it is stored in your host. As it is an HTTPS request, no error.
In the server side, when GET request to /proxy/playlist.m3u8 is listened, the HTTP request would be proxied to your streaming server (send GET request to the streaming server with all headers, parameters and body). When the response from streaming server is received, the response would be returned to browser directly, with all response headers and data.
As the HTTP request to streaming server happens in your server side, the restriction logic from browser does not apply any more.
For example, if the server is written in Node.js, with Express and request module, the proxy endpoint would look like:
app.get('/proxy/playlist.m3u8', function(req, res) {
req.pipe(request('http://<streaming-server>/path/playlist.m3u8')).pipe(res);
});
I have read and tried the solutions shared in the previous posts for this error but nothing helped me to fix this. Kindly help.
I am making a HTTPS API call. A very simple call which accepts a 2 KB JSON message via POST method and sends a one word acknowledgement. It works perfectly fine in Postman tool. In JMeter, no. of threads (users) is kept as 25. It works perfectly fine one time with all 25 success response and at times getting few failure response as
Response code: Non HTTP response code: java.net.SocketException
Response message: Non HTTP response message: Unexpected end of file from server
No consistency at all. I have also tried with both enabling and disabling "use keepalive" checkbox. Both giving me all success one time ; few/all failure at another time with the above error. Please help. Thank you.
Below are the JMeter settings:
HTTP Header Manager : Content-Type - application/json
HTTPRequest sampler : protocol - HTTPS
Server Name or IP : project server name
Method : POST
PATH : The required path with https authentication details passed as parameters
IMPLEMENTATION : Set to JAVA (HTTPCLIENT4 was giving me “443 failed to respond” error)
Add header
Connection Keep-Alive
Both errors (Java implementation and Apache HTTPClient4 implementation), are essentially saying the same thing: The server closed the connection, without providing any response. I think there could be the following reasons:
Authentication problem. If server side checks authentication before processing a request (e.g. using Spring), it may be rejecting your request, it may be not bothering with any response if authentication is not considered correct.
Request Issue. Some less noticeable properties of the request you send via Jmeter are different from what you send in Postman. It could be some minor thing with formatting, or some headers server expects. Some of such inconsistencies can also cause Load Balancer (if you use one) to reject request before it's delivered to the server.
Certificate issues. Since you are using HTTPS, you need to make sure your certificate is setup correctly on JMeter side.
So I suggest:
Review server logs and see if your request makes it to the server. If yes, you might be able to see how it was rejected. If not, you need to trace back and see who rejected it (LB, authentication, etc)
Compare headers and body sent by JMeter vs Postman line to line (use TCPDump for example to obtain it).
While I am testing a web application, for some requests that are computational intensive on the server side, I would like to simulate the server response directly from a browser add-on. I would like to be able to configure the URL and set-up a JSON response that will be returned by the browser without sending the request to the server.
Does any of you know a good tool for this purpose ?
P.S. So far I am either changing the server code to simulate the response or changing the client code to return the response without triggering the request to server.
I'm working on extensions for Firefox and Chrome. The data used by my extensions is mostly generated from ajax requests. The type of data being returned is private, so it needs to be secure. My server supports https and the ajax calls are being sent to an https domain. Information is being sent back and forth, and the extensions are working correctly.
My questions are:
Do the extensions actually make secure connections with the server, or is this considered the same as cross domain posting, sending a request from a http page to a https page?
Am I putting my users' information at more risk during the transfers than if the user were to access the information directly from an https web page in the browser?
Thanks in advance!
The browser absolutely makes a secure connection when you use HTTPS. Certainly, a browser would never downgrade the security of your connection without telling you: it will either complete the request as written or it throw some sort of error if it is not possible.
Extensions for both Chrome and Firefox are permitted to make cross-domain AJAX requests. In Chrome, you simply need to supply the protocol/name of the host as a permission in your manifest.json. In Firefox, I think you may need to use Components.classes to get a cross-domain requester, as described in the MDN page for Using XMLHttpRequest, but I'm not 100% sure about that. Just try doing a normal request and see if it succeeds; if not, use the Components.classes solution.