caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

Problem with proxy rpc over http #6309

Closed nonbutAworker closed 4 months ago

nonbutAworker commented 4 months ago

Hi Team:

I want to proxy my on-premise Exchange server. Most of the mail protocols work fine, like OWA, EWS, ActiveSync etc. But when I try to proxy Foxmail (Windows version) as the client, which uses the RPC over HTTP protocol to communicate with the Exchange server, it didn't work.

my caddy version

root@iv-yd52e0x88wcva4f3dnl0:/etc/caddy# caddy version
2.6.2

my caddy file

mail.chouyulanxia.com:443 {
        reverse_proxy https://bricking.com.cn {
            transport http {
                tls
                tls_insecure_skip_verify
            }
            header_up Host bricking.com.cn
        }
}

error log

2024/05/09 09:44:17.116 ERROR   http.log.error  stream error: stream ID 35; HTTP_1_1_REQUIRED; received from peer       {"request": {"remote_ip": "114.251.196.102", "remote_port": "54646", "proto": "HTTP/1.1", "method": "RPC_IN_DATA", "host": "mail.chouyulanxia.com", "uri": "/rpc/rpcproxy.dll?94d75396-dd09-4243-b6ef-bb0eb8fbf082@sealsuit.com:6001", "headers": {"Content-Length": ["0"], "Authorization": [], "Cache-Control": ["no-cache"], "Connection": ["Keep-Alive"], "Pragma": ["no-cache"], "Accept": ["application/rpc"], "User-Agent": ["MSRPC"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "mail.chouyulanxia.com"}}, "duration": 0.009272055, "status": 502, "err_id": "uvcg0yb2w", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2024/05/09 09:44:17.184 ERROR   http.log.error  stream error: stream ID 37; HTTP_1_1_REQUIRED; received from peer       {"request": {"remote_ip": "114.251.196.90", "remote_port": "54647", "proto": "HTTP/1.1", "method": "RPC_OUT_DATA", "host": "mail.chouyulanxia.com", "uri": "/rpc/rpcproxy.dll?94d75396-dd09-4243-b6ef-bb0eb8fbf082@sealsuit.com:6001", "headers": {"Authorization": [], "Cache-Control": ["no-cache"], "Connection": ["Keep-Alive"], "Pragma": ["SessionId=95a4548b-a313-48b0-9df0-0132e36690bf, SessionId=95a4548b-a313-48b0-9df0-0132e36690bf"], "Accept": ["application/rpc"], "User-Agent": ["MSRPC"], "Content-Length": ["0"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "mail.chouyulanxia.com"}}, "duration": 0.009309064, "status": 502, "err_id": "p79cv5q0r", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}

any help would be appreciated !

mholt commented 4 months ago

Can you show us the request using curl -v (its input and output) that has an error? That will make it possible for us to help debug it with you.

nonbutAworker commented 4 months ago

I tried using curl to make the request, but it didn't work. I think it's because it's not a normal HTTP method like GET or POST, and also this request needs to authenticate with NTLM Authentication, which requires several requests in the same session to negotiate; a single curl command may not be able to do that.

$curl --location --request RPC_IN_DATA 'https://bricking.com.cn/rpc/rpcproxy.dll?94d75396-dd09-4243-b6ef-bb0eb8fbf082%40sealsuit.com%3A6001=null'
curl: (43) Failed sending HTTP request

But I reproduced the request in Postman directly to the Exchange server (I have set DNS, maybe you can directly request this domain):

Request URL: https://bricking.com.cn/rpc/rpcproxy.dll?94d75396-dd09-4243-b6ef-bb0eb8fbf082@sealsuit.com:6001
Request Method: RPC_IN_DATA (needs to be entered manually)
Authentication Type: NTLM
Username: zhangzhe@sealsuit.com
Password: Test@123


And keeping everything else the same, just change the domain to mail.chouyulanxia.com (I also set DNS, maybe you can directly request this domain). This domain is the Caddy server, and you can see the response came back with an error.

francislavoie commented 4 months ago

I think you need this plugin then, if this involves NTLM https://github.com/caddyserver/ntlm-transport

mholt commented 4 months ago

Yeah. NTLM is not HTTP. You can see if that plugin helps.
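The configuration this thread converges on, as an added example that is not the issue's own Caddyfile nor code from the plugin project: the `http_ntlm` transport registered by the caddyserver/ntlm-transport plugin replaces `transport http`, and the plugin must be compiled into the Caddy binary. The CA file path is an assumed placeholder; it stands in for `tls_insecure_skip_verify`, which in the original Caddyfile disables certificate verification for the upstream connection.

```caddyfile
# Assumes a Caddy binary built with the plugin compiled in, e.g.:
#   xcaddy build --with github.com/caddyserver/ntlm-transport
mail.chouyulanxia.com:443 {
        reverse_proxy https://bricking.com.cn {
            # http_ntlm is provided by the ntlm-transport plugin. NTLM
            # authenticates the TCP connection rather than each request, so the
            # transport keeps one upstream connection per client connection
            # instead of pooling them; the plain http transport does not.
            transport http_ntlm {
                tls
                # Verify the upstream certificate against a trusted CA rather
                # than skipping verification (placeholder path; assumption).
                tls_trusted_ca_certs /etc/caddy/exchange-ca.pem
            }
            header_up Host bricking.com.cn
        }
}
```

With verification kept on, a 502 from the Exchange upstream would then point at a certificate or NTLM problem rather than being masked by a skipped TLS check.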

nonbutAworker commented 4 months ago

Thanks, it works! Turns out it failed because it could not proxy NTLM authentication, not because it could not proxy the RPC_IN_DATA request method.