>>>>> Juliusz Chroboczek <j...@pps.univ-paris-diderot.fr> writes:
>> I’d like to share a few thoughts regarding this update to [1].

> I've rephrased "polipo is obsolete" to "polipo is no longer
> maintained".

ACK, thanks for the clarification.

>>> Since then, the web has changed, and HTTP proxies are no longer
>>> useful: most traffic is encrypted, and a web proxy merely acts as a
>>> dumb intermediary for encrypted traffic.

>> I guess it’s possible to use ‘sslstrip’ as the parent proxy to
>> Polipo to overcome this issue.

> MITM the SSL in the proxy? SSL is designed to be end-to-end, by
> MITM-ing it you're breaking browsers' expectations – stuff will
> break, I promise.

The point is that there’s no TLS between the proxy and the client.
In essence, when an HTTP client issues a (non-TLS) HTTP request to
sslstrip for http://example.com/, and the proxy (upon forwarding it
to the example.com server) gets a Location: https://example.com/
redirect, sslstrip effectively /suppresses/ said redirect, fetches
the resource (over HTTPS) by itself, and returns it to the user –
/in place/ of the intended redirect.

And sslstrip appears to be rather thorough in its function. For
instance, per the documentation, it can replace https: URIs
referenced (whether <a href= />, <img src= />, or <link href= />)
in the HTML it serves with the respective http: ones.

I assume that if one wants to read Wikipedia using a
non-TLS-capable user agent, sslstrip is nearly the only hope.

[…]

>>> • if you need your HTTP traffic to originate from a remote IP
>>> address, use a VPN or a SOCKS5 proxy;

>> I know of no easy way to route HTTP(S) traffic originating from
>> different user agent processes via different VPNs (some of the
>> command-line HTTP clients aside.)

> Yeah, it's tricky. "ip[6]tables -m owner --gid-owner", and sg the
> user-agent. Or perhaps "ip[6]tables -m cgroup".

The latter seems preferable, as sg(1) can only be performed when
the process is started, and cgroups can be changed anytime.
However, it’s still way easier to use an HTTP proxy instead.
If anything, that doesn’t require access to extra groups, or root.

>> Also, SOCKS5 support in Web user agents seems a tad uncommon.
>> (I don’t see it implemented in GNU Wget, for example.)

> Use curl?

My guess is that there’re a number of other software packages that
do implement support for HTTP proxies, but not SOCKS. Git,
mpg123(1) and whatever HTTP library Libxslt uses come to mind.

>>> • if you need HTTP/1.1 pipelining, you're out of luck. The
>>> official answer is "use HTTP/2 instead",

>> Where is that stated?

> That's what I was told when I complained about lack of pipelining in
> Go's HTTP library. I've rephrased the page.

Well, per the Wikipedia article linked, there’re HTTP client
libraries for other languages that /do/ support pipelining.

>>> but HTTP/2 will remain only moderately useful until it has good
>>> support for either unencrypted connections or opportunistic
>>> encryption.

>> Given the general lack of interest in supporting non-TLS HTTP/2, I’d
>> say that HTTP/1.1-only caching proxies will still be relevant for
>> the foreseeable future.

> Agreed. Ivan, while *I* am not going to work on Polipo any more, the
> code is still available – I'd be thrilled to see somebody take it
> over.

On my part, I’d be thrilled to finally get some spare time to
contribute to a free software project or two. (Or at least to try
implementing a few bizarre things in said projects.)

Unfortunately, the prospects of that happening in the foreseeable
future look incredibly dim.

-- 
FSF associate member #7257  58F8 0F47 53F5 2EB2 F6A5  8916 3013 B6A0 230E 334A
_______________________________________________
Polipo-users mailing list
Polipo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/polipo-users