Mr Pinhurst

Reputation: 1

Still can not handle HTTPS request in proxy servlet

I have developed a proxy servlet under Tomcat. The servlet receives the request from the client and forwards it to another proxy server; before forwarding, it authenticates with the proxy server. Now it can process HTTP requests very well but cannot receive HTTPS requests. So this proxy servlet is not perfect.

I have searched Google and read many posts in this forum, especially this one:

Developing a proxy servlet that can handle HTTPS connections

I configured Tomcat to listen on port 8443, as follows:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" redirectPort="8080"/>

I deployed the servlet within Eclipse, locally, and I set the browser proxy to 127.0.0.1:8080, but bypass it for localhost.

When I browse https://localhost:8443/ I can see the HTTPS request received in the servlet log (by calling request.getScheme() and request.isSecure()). But if I browse https://www.google.com, it cannot connect and my proxy servlet doesn't catch the request.

I also overrode the service() method and printed request.getMethod(), and it still failed to catch the HTTPS request.

What should I do?

All I want is to get the HTTPS request, add the authentication, and forward it to the next proxy server.

Thanks

Upvotes: 0

Views: 1816

Answers (1)

Edward Thomson

Reputation: 78653

That's not the way SSL proxies work. If you set your HTTPS proxy to localhost:8080, then your browser will dutifully connect to localhost:8080 and use the CONNECT verb to tunnel SSL traffic through the HTTP proxy connection. Without doing this, SSL wouldn't be particularly secure and any proxy server administrator could trivially read one's credit card details next time someone decided to buy something from Amazon or check their bank balance or sign up for a recurring-payment adult entertainment web site or whatever it is that people do that requires SSL these days.

It doesn't appear that you've told your browser anything about this new SSL proxy on port 8443, so I'm not sure why you think it would be used. It won't. You may be able to tell your browser to use an SSL-based proxy server - i.e., set your proxy as https://localhost:8443, but even then it will use CONNECT-based SSL tunneling, so there's really no point except still slower connections.

If all you really need to do is forward this request on to another proxy, you need to forward the CONNECT method to the upstream proxy and include the appropriate authentication information.

Upvotes: 1
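The CONNECT forwarding described in the answer, as an added example that is not code from the question or the answer: a plain socket listener (not a servlet) that accepts the browser's CONNECT, re-issues it to the upstream proxy with a Proxy-Authorization header, and then relays the encrypted bytes untouched. The class name, the environment variables UPSTREAM_HOST, UPSTREAM_PORT, PROXY_USER and PROXY_PASS, the host proxy.example.internal, port 3128 and the use of Basic authentication are all assumptions; it handles CONNECT only and closes anything else.

```java
import java.io.*;
import java.net.*;
import static java.nio.charset.StandardCharsets.*;

public class ChainingConnectProxy {
    // Assumptions for illustration: upstream address and credentials are set in the environment.
    static final String UP_HOST = System.getenv().getOrDefault("UPSTREAM_HOST", "proxy.example.internal");
    static final int UP_PORT = Integer.parseInt(System.getenv().getOrDefault("UPSTREAM_PORT", "3128"));
    static final String CRED = java.util.Base64.getEncoder().encodeToString(
        (System.getenv("PROXY_USER") + ":" + System.getenv("PROXY_PASS")).getBytes(UTF_8));

    public static void main(String[] args) throws IOException {
        // Loopback only, so the credentialed tunnel is not offered to the rest of the network.
        try (ServerSocket server = new ServerSocket(8080, 50, InetAddress.getLoopbackAddress())) {
            while (true) { Socket client = server.accept(); new Thread(() -> handle(client)).start(); }
        }
    }

    static void handle(Socket client) {
        try (Socket c = client) {
            String[] req = readHead(c.getInputStream()).split("\r\n")[0].split(" ");
            // Strict host:port check, so nothing else (such as CR/LF) reaches the upstream request.
            if (req.length != 3 || !req[0].equals("CONNECT") || !req[1].matches("[A-Za-z0-9.-]+:\\d{1,5}")) return;
            try (Socket up = new Socket(UP_HOST, UP_PORT)) {
                up.getOutputStream().write(("CONNECT " + req[1] + " HTTP/1.1\r\nHost: " + req[1]
                    + "\r\nProxy-Authorization: Basic " + CRED + "\r\n\r\n").getBytes(ISO_8859_1));
                String reply = readHead(up.getInputStream());
                c.getOutputStream().write(reply.getBytes(ISO_8859_1)); // pass the upstream verdict on
                if (!reply.matches("(?s)HTTP/1\\.[01] 2\\d\\d.*")) return; // e.g. 407: no tunnel
                Thread back = new Thread(() -> pump(up, c)); back.start(); // upstream -> client
                pump(c, up); // client -> upstream: TLS records, opaque to this proxy
                back.join();
            }
        } catch (Exception e) { System.err.println("tunnel closed: " + e); }
    }

    // Reads byte by byte up to the blank line (8 KiB cap), so no tunnel bytes sit in a buffer.
    static String readHead(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int b; sb.length() < 8192 && sb.indexOf("\r\n\r\n") < 0 && (b = in.read()) != -1; )
            sb.append((char) b);
        return sb.toString();
    }

    static void pump(Socket from, Socket to) {
        try { from.getInputStream().transferTo(to.getOutputStream()); to.shutdownOutput(); }
        catch (IOException ignored) { }
    }
}
```

Basic credentials are only base64-encoded, so the hop to the upstream proxy carries them in recoverable form unless that connection is itself protected.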
