How to "ignore" a request?

[AntogamerYT]

Hi, I come from fiddler classic where i extensively used FiddlerScript to do most of my stuff.

I'm trying to do a proxy which redirects some domains through path, and i've already done that, but I want to ignore all requests that don't match the regexes i use to match the path (by basically telling the client to make the request itself)

On Fiddler, i can do this with oSession.Ignore() (https://docs.telerik.com/fiddlercore/api/fiddler.session#Fiddler_Session_Ignore), but is there a way to do it on mockttp too?

[pimterry]

It depends exactly what you want to do really. There's a two main options you might be interested in I think:

• You can use TLS passthrough to match incoming connections by the name in the initial TLS handshake and proxy them without any interception at all. That's configured as a server-wide option, something like getLocal({ https: { tlsPassthrough: [{ hostname: 'example.com'}]}
• You can intercept individual requests within connections and then match some (or all) requests to proxy them through unchanged, with a passthrough rule, e.g. proxy.forUnmatchedRequest().thenPassthrough()

In the first case, you can only match on the server name indication (SNI) from the TLS handshake, but then all traffic on that connection is passed through totally unintercepted (so the client won't even need to trust your CA certificate). That's very clean, but the matching is limited (you can't see the request details, just the initial hostname), there's no interception possible (zero request inspection, modification, etc), and it applies to the entire connection (which may have multiple requests involved, all going to the same server).

In the second case, you're still intercepting the traffic (handling TLS, effectively processing and resending the request & response between the client & server) but no changes are made. That isn't totally invisible to the client (for HTTPS, they need to trust your CA) but it's much more powerful, and you can define rules to precisely control this and add special cases any way you like for each individual request.

Does that work for you?

[AntogamerYT]

The first option is exactly what i'm looking for, i'm doing a proxy for jailbroken nintendo switches but i still need the switch to connect to nintendo's servers the servers use a custom ssl certificate that's unique to every nintendo switch to authenticate, so if i intercept the request the connection won't work thanks, i'm gonna test and let you know

[AntogamerYT]

Yep that works, thanks again!