I'm unable to get my application utilizing web sockets to work.
I have a site www.example.com which uses an anti-DDoS service so it resolves to IP X.X.X.X. The real address of the server is Y.Y.Y.Y. The anti-DDoS service does not proxy web sockets traffic so I wanted to stream it directly to the real address (it's difficult to find it for attack in reality so this will work) so what I did is instead of pointing it to ws://www.example.com:100/, I pointed it to ws://Y.Y.Y.Y:100/.
Now if I access my application by the real IP (http://Y.Y.Y.Y), it connects to ws://Y.Y.Y.Y:100/ just fine but if I use http://www.example.com link (which resolves to X.X.X.X), ws://Y.Y.Y.Y:100/ won't connect saying "WebSocket connection to 'ws://Y.Y.Y.Y:100/' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED".
I guess this has something to do with security but I don't know what exactly. Please help.
Maybe the websocket server sees the domain in Origin HTTP header different than the domain in the Host HTTP header and it is refusing the connection because of that. The Origin header is usually used to figure out if the connection is coming from an allowed website, since websockets are not under the Same Origin Policy.
The request that works will look like this:
GET / HTTP/1.1
Host: YYYY
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Version: 13
Origin: http://YYYY
The request that is refused will look like this:
GET / HTTP/1.1
Host: YYYY
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Version: 13
Origin: http://www.example.com
It is hard to tell with this little information. Don't you get any error in the server logs?
Related
I have build a Go server using Echo framework, i get TLS certificades and a domain name, but when i try a request i get the message "Client sent an HTTP request to an HTTPS server." and when i try acces the server from the IP address of the EC2 using the port 443, it says that the connection is not secure:
And when i change the server to the port 80 to acces through the domain name, i get the following error:
I'm starting the server using the StartTLS func
e.Logger.Fatal(e.StartTLS(":80", "/etc/letsencrypt/live/anltcsprod.enrtt.com/fullchain.pem", "/etc/letsencrypt/live/anltcsprod.enrtt.com/privkey.pem"))
Is it something wrong with my domain or certificade?
Port 80, by default, communicates over HTTP. 443 is reserved for HTTPS traffic. Assuming nothing else is wrong, you should be able to simply change your e.StartTLS() to this:
e.Logger.Fatal(e.StartTLS(":443", "/etc/letsencrypt/live/anltcsprod.enrtt.com/fullchain.pem", "/etc/letsencrypt/live/anltcsprod.enrtt.com/privkey.pem"))
For example localhost:4000
Instead use https://localhost:4000
I have googled and searched all over but I am still having trouble getting connected to a site using the ftpzilla
I am getting this read out when I try to connect to the server using the network connection wizard
Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.9.0.6
Response: 230 logged on.
Checking for correct external IP address
Retrieving external IP address from
http://ip.filezilla-project.org/ip.php
Checking for correct external IP address IP 173.56.114.112
bhd-fg-bbe-bbc
Response: 200 OK
PREP 60010
Response: 200 Using port 60010, data token 1063172065
PORT 173,56,114,112,234,106
Response: 200 PORT command successful
LIST
Response: 150 opening data connection
Response: 503 Failure of data connection.
Server sent unexpected reply.
Connection closed
The weird thing is I only get this error for this particular server and the server I use for my personal site (namecheap.com) gives me no such error. Does anyone know why this may be happening? And please try not to point me to the network configuration wiki because I have read through that and I still am at this point.
PORT 173,56,114,112,234,106
....
Response: 503 Failure of data connection.
...
please try not to point me to the network configuration wiki
You are using active mode, that is the ftp client (FileZilla) waits for a connection from the server. Obviously the server can not connect to the client which indicates that something like a firewall restricts the connection.
Since according to your description this happens only with few servers, you either use only these servers with active mode or these servers are protected by firewalls which do not allow active mode. Have you tried with passive mode?
I had a similar issue connecting and made the following changes and had success.
Go to File>>>Site Manager>>>
For my site, I changed the Encryption to "Only use plain FTP(insecure)" and had success. May you find the same success.
I enabled "Decrypt HTTPS traffic" and "Ignore server certificate errors" in Fiddler but the traffic of one website is not being showed.
This is the error that Fiddler is returning:
[Fiddler] The connection to '...' failed. System.Security.SecurityException Failed to negotiate HTTPS
connection with server.fiddler.network.https> HTTPS handshake to
... failed. System.IO.IOException Received an unexpected EOF
or 0 bytes from the transport stream.
I remember that I could ignore this error in Fiddler script, but I really don't remember.
Does anyone know what's going on?
Thanks! =)
What is the site's URL?
It is probably caused by either of these two issues: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx or http://blogs.msdn.com/b/fiddler/archive/2012/03/29/https-request-hangs-.net-application-connection-on-tls-server-name-indicator-warning.aspx
The old workaround is to configure Fiddler to only use SSL3 when talking to the host in question. The newer workaround is to either use Fiddler4 with the latest .NET4.5.2 framework, or if you're using Fiddler 2.5.1, see the "SNI Hack" section of http://www.telerik.com/blogs/what-s-new-in-fiddler-4-5-1
In your OnBeforeRequest event handler, add the following code to fix the issue for certain sites:
if (oSession.HTTPMethodIs("CONNECT") && oSession.HostnameIs("BuggySite.com"))
{
oSession["https-DropSNIAlerts"] = "yup";
FiddlerApplication.Log.LogString("Legacy compat applied for request to BuggySite.com");
}
A bit late for the poster unfortunately but I just needed to add tls1.2:
Tools
Options
HTTPS
Protocols
Add tls1.2 to the end of the list and click ok
I was seeing the following exception:
System.Security.SecurityException Failed to negotiate HTTPS connection
with server.fiddler.network.https. HTTPS handshake to
api.etadirect.com (for #9) failed. System.IO.IOException Unable to
read data from the transport connection: An existing connection was
forcibly closed by the remote host. An existing connection was
forcibly closed by the remote host
I was able to fix it by enabling the TLS1.2 protocol which is not enabled by default for outgoing connections
Tools -> Options -> HTTPS -> click on protocols list
I wrote a websocket server in c++ that works fine with websocket protocol 00 (the one with key1, key2 in handshake header).
Now with the new update I am trying to do the same for the new way handshaking work. Here is my server response to the handshake request:
"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: " + serverKey + "\r\n\r\n";
in which serverkey is computed correctly. As an example:
handshake request:
GET /test HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Host: 192.168.123.102:8585
Sec-WebSocket-Origin: http://192.168.123.5
Sec-WebSocket-Key: YB0mPvJ5t8ggCeGUWY39uQ==
Sec-WebSocket-Version: 8
handshake response header :
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: xt9iyCNryQTseELUkHPWjzxA2ts=
I also check my algo with the example here https://datatracker.ietf.org/doc/html/draft-ietf-hybi-thewebsocketprotocol-08 and it produced the exact same response.
However I still get the following error:
"Error during WebSocket handshake: Sec-WebSocket-Accept mismatch"
I am using chrome 15 as my browser.
Do you have any Idea what goes wrong?
(also in chrome inspector Network, it does not show the response which is the case when it does not accept the handshake (even with older versions))
I actually found out what was the primary problem.
the key that I used for base64 encoding was
YB0mPvJ5t8ggCeGUWY39uQ==
258EAFA5-E914-47DA-95CA-C5AB0DC85B11
instead of
YB0mPvJ5t8ggCeGUWY39uQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11
an extra \n was the whole problem.
HOWEVER, Now that I receive the Connected message (ws client is successfully connected to ws sever) I cannot send or receive anything. The problem is server side.
DO you know what are the server side changes since older websocket protocol? I only change my handshake respond and it doesnt seem enough.
There is a different framing protocol for when the client sends data. Previously it was quite simple. Now it is much more complicated. Please refer to the websockets rfc6455 spec.
https://www.rfc-editor.org/rfc/rfc6455#section-5.2
I have finished http protocol via the socket class according to rfc2616 protocol, but how to connect https protocol and send data to server using the socket class?
When i connected https server https://www.example.com, I always get 404 error. The following is the socket command that to send to server https://www.example.com/
GET / HTTP/1.1 Host: www.example.com
the default always use http protocol
I found connected to https server need to use a connect command instead of the Get command and a client certificate. for example:
CONNECT login.example.com:443 HTTP/1.0
Major Version: 3
Minor Version: 1
......
I will try to use the connect command. Thanks for your replies.
==================================================
OK,i have solved my problem ,use the SLStream class.
NetworkStream networkStream=new NetWorkStream(socket)
var stream=New SslStream(networkStream)
.......
Now, will can read stream and write stream, until finished.