> On Mar 12, 2017, at 7:50 PM, salil GK <[email protected]> wrote: > > Any help on this would be really great . > > I have my setup like the follows. > > Client machine -> ATS 1 as forward proxy -> ATS 2 as a forward proxy -> > Origin server > > I am doing proxy chaining . ATS 2 is configured as parent proxy. and there is > a ssh tunnel between ATS1 and ATS2. > > When I send a http request from my client every thing works perfect and I > client gets the requested content. > > But when I send https request from my client, ATS1 sends back 403 Access > denied. > > I guess we need to make some settings for ATS to forward CONNECT method.
CONNECT is enabled by default. You need fo figure out who is giving the 403 response. Check ATS access logs, and packet trace from each hop if you have to. Knowing where the 403 comes from will help you figure out what your next step is. > > Can I get some help on configuring ATS for allowing https request to be > forwarded . > > If I need to upload the origin server certificate in ATS, that is also > possible. > > I don't need to make this setup as an open proxy. Only designated origin > server will be supported. > > Thanks in advance > ~S > > > > On 9 March 2017 at 04:44, salil GK <[email protected]> wrote: > Thanks James for pitching in . > > So the point is I want to get a https request delivered to the origin server > through my proxy. Now it is being dropped I guess . How do I get it done ? > > Thanks in advance > ~S > > On 8 March 2017 at 22:34, James Peach <[email protected]> wrote: > > > On Mar 8, 2017, at 2:48 AM, salil GK <[email protected]> wrote: > > > > Basically while analysing the traffic, what I observed is when I access > > http site the header http header coming as > > > > ^MHTTPMSG:^M|GET http://10.106.251.95/ HTTP/1.1^MHost: > > 10.106.251.95^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; > > rv:51.0) Gecko/20100101 Firefox/51.0^MAccept: > > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8^MAccept-Language: > > en-US,en;q=0.5^MAccept-Encoding: gzip^MCookie:<CONCEALED>^MConnection: > > keep-alive^MUpgrade-Insecure-Requests: 1^M^M|^M > > > > > > > > where as for https access the http header comes as > > > > ^MHTTPMSG:^M|CONNECT 10.106.251.95:443 HTTP/1.1^MUser-Agent: Mozilla/5.0 > > (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 > > Firefox/51.0^MProxy-Connection: keep-alive^MConnection: keep-alive^MHost: > > 10.106.251.95:443^M^M|^M > > > > and servers return > > Msg="HTTP/1.1 403 Access Denied" > > > > back to browser > > > > How do I configure ATS to pass https request to the origin server ? > > This is a user agent behavior. When user agents make a HTTPS request through > a proxy they will use the CONNECT method to establish an end-to-end secure > tunnel to the origin. > > > > > Thanks in advance > > ~S > > > > On 8 March 2017 at 14:40, salil GK <[email protected]> wrote: > > Hello > > > > We were trying to set up a forward proxy. I have my remap entry as below. > > > > > > > > >> > > > > regex_map http://(.{3,1023})/ http://$1/ > > @plugin=ts_httpallow_remap_plugin.so > > @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy > > > > << > > > > > > > > Httpallow_remap_plugin is used for filtering the origin server. > > > > If I access an external http site using this server a proxy, every thing > > works. > > > > > > > > >> > > > > regex_map https://(.{3,1023})/ https://$1/ > > @plugin=ts_httpallow_remap_plugin.so > > @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy > > > > << > > > > > > > > > > When I access an https site using this server as my proxy server, it > > doesn’t work. Also the control doesn’t reach httpallow_remap_plugin also. > > It always shows access denied. > > > > > > > > What could be the problem ? > > > > > > > > Thanks in advance > > > > ~S > > > > > > >
