Closed Gitusersomegie closed 8 years ago
hmmm... I cannot reproduce:
$ curl -v -x localhost:4444 http://zzz.i2p/
* Trying ::1...
* Connected to localhost (::1) port 4444 (#0)
> GET http://zzz.i2p/ HTTP/1.1
> Host: zzz.i2p
> User-Agent: curl/7.49.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Runtime: 198
< Content-Length: 34297
< ETag: "c648fb77f5d9727e5d37fde556c5c7cf"
< Cache-Control: private, max-age=0, must-revalidate
< Connection: close
< Date: Tue, 31 May 2016 14:35:55 GMT
< Server: lighttpd/1.4.35
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="generator" content="http://github.com/trevorturk/eldorado/" />
<meta name="description" content="zzz.i2p: Development discussions" />
<title>zzz.i2p: Development discussions</title>
<!-- I2P
<link href="http://zzz.i2p/articles.rss" rel="alternate" title="Blog" type="application/rss+xml" />
-->
<link href="http://zzz.i2p/topics.rss" rel="alternate" title="Forum" type="application/rss+xml" />
<!-- I2P
<script src="/javascripts/all.js?1414346321" type="text/javascript"></script>
-->
<script src="/javascripts/all.js?1414346321" type="text/javascript"></script>
<style type="text/css">.header { background: url('/headers/randomactsofcode.png'); }</style>
<style type="text/css">@import url('/themes/red2.css');</style>
<script type="text/javascript">
hljs.initHighlightingOnLoad();
</script>
</head>
<body>
...
are you using the i2p socks proxy?
Yes tried with the http proxy didn't get a 403 should probably change the bug to sites like zzz and stats consider i2pd's socks proxy to be a Inproxy
I have seen that when using the socks proxy some headers are included that may trigger the inproxy filter. Would have to check java i2p to see which ones those are.
Ok, it turns out it rejects the client because the socks proxy doesn't change the UA to a UA with MYOB at the start says if (!ua.startsWith("MYOB"))
in
/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
from the source tarball
It's supposed to be implemented in HTTP proxy, not sure about socks.
Must not be, changing my browser's UA to "MYOB/6.66 (AN/ON)" and going to the site using the socks proxy works, no 403.
Just in case you need to reproduce this problem faster, curl supports changing your UA which I couldn't find a day ago in the man page.
curl -v --socks5-hostname 127.0.0.1:4447 http://zzz.i2p
* Rebuilt URL to: http://zzz.i2p/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 4447 (#0)
> GET / HTTP/1.1
> Host: zzz.i2p
> User-Agent: curl/7.49.0
> Accept: */*
>
< HTTP/1.1 403 Denied
< Content-Type: text/html; charset=iso-8859-1
< Cache-control: no-cache
< Connection: close
< Proxy-Connection: close
<
<html><head><title>403 Denied</title></head>
<body><h2>403 Denied</h2>
<p>Inproxy access denied. You must run <a href="https://geti2p.net/">I2P</a> to access this site.</p>
* Closing connection 0
</body></html>
curl -v -A "MYOB/6.66 (AN/ON)" --socks5-hostname 127.0.0.1:4447 http://zzz.i2p
* Rebuilt URL to: http://zzz.i2p/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 4447 (#0)
> GET / HTTP/1.1
> Host: zzz.i2p
> User-Agent: MYOB/6.66 (AN/ON)
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Runtime: 332
< Content-Length: 34290
< ETag: "acad8f219c705e9b3dd475a0202ffe2f"
< Cache-Control: private, max-age=0, must-revalidate
< Connection: close
< Date: Wed, 01 Jun 2016 15:41:40 GMT
< Server: lighttpd/1.4.35
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="generator" content="http://github.com/trevorturk/eldorado/" />
<meta name="description" content="zzz.i2p: Development discussions" />
<title>zzz.i2p: Development discussions</title>
<!-- I2P
<link href="http://zzz.i2p/articles.rss" rel="alternate" title="Blog" type="application/rss+xml" />
-->
<link href="http://zzz.i2p/topics.rss" rel="alternate" title="Forum" type="application/rss+xml" />
I'm Cutting it not using a pastebin with this!
SOCKS Proxy should not change transmitted data, it's simple data-pipe.
In case of http-proxy your browser simple connects to some address/port, and send a request, then proxy try to detect from this request the host you want to connect.
Socks proxy works differently: you explicitly request connection to some host and then send your data unchanged untill connection close.
If you want to use socks for http - use additional software like polipo/privoxy, which will multiplex connections for different domains for you. Otherwise it will be inefficient.
@hagen-i2p Yeah, I jumped the gun on this bug report a tiny bit, should of dropped it after I found out that the http proxy filters the UA but socks doesn't for being a data-pipe.
I mainly forgot about something I read a year ago when I used normal i2p, which I found again http://zzz.i2p/topics/1989-i2p-leaking-browser-information-during-addresshelper-requests
Regardless something I did learn is privoxy is able to also filter out the UA via an actions config, which is also able to use wild cards "*.i2p". ...even after using it for 4 years
I would like it if privoxy would implement a socks5p like the socks5t they did for tor, so that all the configuration for i2p's socks is auto... This doesn't seam to be in there todo list http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup
"403 Denied
Inproxy access denied. You must run I2P to access this site."
Is what happens when you try to go to those sites.