search

genotrance / px

An HTTP proxy server to automatically authenticate through an NTLM proxy
MIT License
955 stars 99 forks source link

"Empty" GET-Request ("GET / HTTP1.1") causes exception #228

Open JoeyVinc opened 4 weeks ago

JoeyVinc commented 4 weeks ago

When PX gets an GET-header which is not set (or "/") although the HOST header is set, PX throws an exception. Expected behavior: if an HOST header is set accept it as target address.

Example:

curl -v \
   -H "Host:example.com" \
   -H "Forwarded:for=192.168.178.23;proto=http;host=example.com" \
   -H "X-Real-IP:192.168.178.23" \
   -H "X-Forwarded-For:192.168.178.23" \
   -H "X-Forwarded-Proto:http" \
   http://192.168.178.23:3128

PX runs on local machine (192....:3128); requested host is example.com

Log:

* Trying 192.168.178.23:3128...
* Connected to 192.168.178.23 (192.168.178.23) port 3128 (#0)
> GET / HTTP/1.1
> Host:example.com
> User-Agent: curl/7.81.0
> Accept: */*
> Forwarded:for=192.168.178.23;proto=http;host=example.com
> X-Real-IP:192.168.178.23
> X-Forwarded-For:192.168.178.23
> X-Forwarded-Proto:http
>
* Empty reply from server
* Closing connection 0
curl: (52) Empty reply from server

Debug-Log of PX:

Process-1: MainThread: 1729448331: /_handle_request_noblock/verify_request/dprint: Client address: 192.168.178.23
Process-1: MainThread: 1729448331: /_handle_request_noblock/verify_request/dprint: Host-only IP allowed
Process-1: Thread_0: 1729448331: /do_curl/do_client_auth/dprint: No client authentication required
Process-1: Thread_0: 1729448331: /do_curl/__init__/dprint: e36a4173bf6dfec31f2fabd0fb81a953e968a627: New curl instance
Process-1: Thread_0: 1729448331: /__init__/_setup/dprint: e36a4173bf6dfec31f2fabd0fb81a953e968a627: GET / using HTTP/1.1
Process-1: Thread_0: 1729448331: /do_GET/do_curl/dprint: e36a4173bf6dfec31f2fabd0fb81a953e968a627: Path = /
----------------------------------------
Exception occurred during processing of request from ('192.168.178.23', 3414)
[...]    netloc = (spl[0], int(spl[1]))
                      ^^^^^^^^^^^
ValueError: invalid literal for int() with base 10: '///'
genotrance commented 2 weeks ago

Px is a proxy so it expects curl --proxy http://192.168.178.23:3128 style of usage. The Host header is for virtual hosting, not forwarding. Can you please explain why you expect this to work?

JoeyVinc commented 2 weeks ago

I used CURL just to make the issue visible. In fact I use nginx as a proxy/router in my docker configuration. At the moment I use the stream-support of nginx to route proxy requests to another local running "px" instance (which does re-route the request to another company proxy).

client --> nginx --> px --> company proxy

Due to the fact, that the stream func of nginx cannot "manipulate" HTTP requests (e.g. add header data or route a URL-X to a URL-B) the idea is, to use instead of a stream a normal HTTP request (with Proxy-headers).

An there we are: HTTP GET requests in NGINX always begins with a "\" --> nginx itself try to send this request to the local PX instance. Therefore we get an empty (or only a backslash) GET request. This is what I replayed with CURL.

genotrance commented 1 week ago

I won't claim to really understand the setup above. Is this something that is supported by HTTP or by proxies in general? Any documentation to that order will help proceed on a generic way to solve this.