Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-5058

Broken HTTPS connect on forward proxy

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 7.1.0
    • Parent Proxy, TLS
    • None

    Description

      Commit cf58a91ccd3048f3f0a540463ad8609ae2ce1209 (TS-5040) broke forward proxy connectivity to HTTPS sites.
      Previous behaviour: ATS would create a TLS connection to origin server
      Current behaviour: ATS issues a "CONNECT host:port" command (in the clear) to the server, which is rejected by the server.

      (Tested against commit 79ef0d5980b168c5d3292e180ba15f458fe5bea9 as one example of "previous")

      Both values for proxy.config.http.forward_connect_method (0 and 1) exhibit this behaviour.

      Using default configuration, plus forward proxy:

      1. https://docs.trafficserver.apache.org/records.config#url-remap-rules
      2. https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html
        ##############################################################################
        -CONFIG proxy.config.url_remap.remap_required INT 1
        +CONFIG proxy.config.url_remap.remap_required INT 0
      3. https://docs.trafficserver.apache.org/records.config#proxy-config-url-remap-pristine-host-hdr
        CONFIG proxy.config.url_remap.pristine_host_hdr INT 0
      4. https://docs.trafficserver.apache.org/records.config#reverse-proxy
        -CONFIG proxy.config.reverse_proxy.enabled INT 1
        +CONFIG proxy.config.reverse_proxy.enabled INT 0

      Behaviour can be viewed by logging network traffic (tcpdump port 443).

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. TS-5040 Forward CONNECT methods without parent proxying.

          • Major - Major loss of function.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. TS-5040 Forward CONNECT methods without parent proxying.

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1228

          Activity

            People

              jamespeach James Peach
              craigba Craig B
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m