amate / Proxydomo

A proxy filtering program that runs locally.
http://www31.atwiki.jp/lafe/pages/37.html
GNU General Public License v2.0

Cloudflare security error #61

Open WRFan opened 5 years ago

WRFan commented 5 years ago

Seems Proxydomo has some probs with pages protected by Cloudflare. When such a page is loaded, Cloudflare redirects to a security page, which then sets a security cookie; afterwards pages on that host can be accessed directly for a limited time. If I bypass Proxydomo it's working fine, but with Proxydomo the cookie never gets set, so I'm caught in an eternal loop: any request gets redirected to the security page. Here's an example:

https://authorzilla.com/assets/js/main.js

If Proxydomo is bypassed, the request looks like this (FF 67.0a1, but problem occurs in IE 11 too):

Request by browser:

Host: authorzilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6,de-DE;q=0.4,ru;q=0.2
Accept-Encoding: gzip, deflate, br
Referer: https://authorzilla.com/assets/js/main.js
DNT: 1
Connection: keep-alive
Cookie: __cfduid=d82473a0b1dbbc4a0541ed36a4e62307f1556511089
Upgrade-Insecure-Requests: 1
TE: Trailers

Reply by server:


HTTP/2.0 302 Found
date: Mon, 29 Apr 2019 04:11:39 GMT
content-type: text/html
content-length: 159
set-cookie: cf_clearance=3a73ca5060b15fad09d5cc8d7049838745a23166-1556511099-1800-150; path=/; expires=Mon, 29-Apr-19 05:41:39 GMT; domain=.authorzilla.com; HttpOnly
location: /assets/js/main.js
server: cloudflare
cf-ray: 4cee6ee34ef0235a-FRA
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

But if I use Proxydomo, it sends the following message to the browser (notice that the set-cookie header is missing) :


HTTP/1.0 200 Connection established
date: Mon, 29 Apr 2019 04:11:35 GMT
content-type: text/html
content-length: 159
location: /assets/js/main.js
server: cloudflare
cf-ray: 4cee6ec97c53235a-FRA
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

Maybe WolfSSL is outdated? I'm using Proxydomo 1.107 (WolfSSL 3.15.3)

Also, my FF lists the following junk message for every page I access thru Proxydomo, it's annoying:

server does not support RFC 5746, see CVE-2009-3555

I checked WolfSSL website, they fixed this problem, it seems. Guess recompiling Proxydomo with the newest WolfSSL would fix this problem.
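
The comparison made in the report above (the direct response against the one relayed by the proxy) can be automated when checking a filtering proxy for dropped headers. This is an added example, not part of the original issue or of Proxydomo's code; the function names are hypothetical, and the two captures are the ones quoted in the report, trimmed and with the cookie token replaced by a placeholder.

```python
# Added example: diff two captured response header blocks (direct vs. via proxy).
# Captures are taken from the report above, trimmed; TOKEN is a placeholder.
DIRECT = """\
HTTP/2.0 302 Found
date: Mon, 29 Apr 2019 04:11:39 GMT
content-type: text/html
content-length: 159
set-cookie: cf_clearance=TOKEN; path=/; domain=.authorzilla.com; HttpOnly
location: /assets/js/main.js
server: cloudflare
x-frame-options: SAMEORIGIN
"""
PROXIED = """\
HTTP/1.0 200 Connection established
date: Mon, 29 Apr 2019 04:11:35 GMT
content-type: text/html
content-length: 159
location: /assets/js/main.js
server: cloudflare
x-frame-options: SAMEORIGIN
"""

def parse_response(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status_code = lines[0].split()[1]      # ignore the HTTP version, keep the code
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:                            # skip anything that is not "name: value"
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_code, headers

def cookie_names(headers):
    """Names of all cookies set by the response (one Set-Cookie line per cookie)."""
    return {v.split(";", 1)[0].split("=", 1)[0].strip()
            for v in headers.get("set-cookie", [])}

def diff_responses(direct_raw, proxied_raw):
    """Report what the browser loses or gains when the response passes the proxy."""
    d_code, d = parse_response(direct_raw)
    p_code, p = parse_response(proxied_raw)
    return {
        "status": (d_code, p_code),
        "dropped_headers": sorted(set(d) - set(p)),
        "added_headers": sorted(set(p) - set(d)),
        "dropped_cookies": sorted(cookie_names(d) - cookie_names(p)),
    }

if __name__ == "__main__":
    for key, value in diff_responses(DIRECT, PROXIED).items():
        print(f"{key}: {value}")
```

Comparing cookie names rather than only header names also catches a proxy that forwards some Set-Cookie lines and drops others.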

amate commented 5 years ago

The problem was not reproduced in my environment. Proxydomo doesn't support HTTP/2, so there shouldn't be any HTTP/2 related messages coming from the server.

>>> ポート 62842 #359 : ブラウザ → Proxy(this)
GET /assets/js/main.js HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: ja-JP
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: authorzilla.com
Connection: Keep-Alive

>>> ポート 62842 #359 : Proxy(this) → サイト
GET /assets/js/main.js HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: ja-JP
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: authorzilla.com
Connection: Keep-Alive

>>> ポート 62842 #359 : Proxy(this) ← サイト
HTTP/1.1 503 Service Temporarily Unavailable
Date: Fri, 03 May 2019 21:41:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d3e718ba7a21047b4dc118cf325aa54601556919700; expires=Sat, 02-May-20 21:41:40 GMT; path=/; domain=.authorzilla.com; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4d15667fd87eaf21-KIX

>>> ポート 62842 #359 : ブラウザ ← Proxy(this)
HTTP/1.1 503 Service Temporarily Unavailable
Date: Fri, 03 May 2019 21:41:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d3e718ba7a21047b4dc118cf325aa54601556919700; expires=Sat, 02-May-20 21:41:40 GMT; path=/; domain=.authorzilla.com; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4d15667fd87eaf21-KIX

I will raise the version of wolfssl in the next version.

amate commented 5 years ago

v1.108 wolfssl updated