Hi Willy,
Is there a way we can accomplish this with the http-request lua hook on 
haproxy? 
For example, on the process_connect lua function:
- Process the HTTP CONNECT method and extract the target server+port
- Establish a secure socket connection with the target server+port
- Reply the client with HTTP 200 and wrap the connection over ssl
- Read the next HTTP command from the client and forward it to the server
Thanks for your help!


On Thursday, August 6, 2015 10:57 PM, Willy Tarreau <w...@1wt.eu> wrote:

Hi,

On Thu, Aug 06, 2015 at 07:25:42PM -0700, Bowen Ni wrote:
> Hi,
> 
> 
> I am trying to use HAProxy as a man-in-the-middle proxy for HTTPS 
> traffic. When doing an HTTPS request over HAProxy, it tries to tunnel 
> the HTTPS request using an HTTP CONNECT request and the HTTP CONNECT 
> request is passed to backend server directly. My problem is that the 
> response of the CONNECT request I got from HAProxy is always 4XX. For 
> example: 403 Tunnel Forbidden, 400 Bad Request. I have tried many 
> backends and none of them give me 200. Am I missing anything?

It's not haproxy which returns this but the next server which receives
the CONNECT request. Haproxy is not a forward proxy, so it will not :
  - resolve host names in uri to decide where to forward the connection ;
  - extract the tunnel from a CONNECT request

If you want a forward proxy, simply use squid. It's the expert in this
role and works pretty well. You can even put haproxy in front of it if
you want.

Hoping this helps,
Willy




    

    

  
