I think I found the issue with my setup - there were two issues. proxy.config.http.connect_ports was set to NULL. I have set that to 443.
The next issue was that the ip_allow.config file didn't have the CONNECT method allowed. After setting that to ALL methods, things started working.

Thanks
~S

On 13 March 2017 at 09:21, James Peach <[email protected]> wrote:

>
> > On Mar 12, 2017, at 7:50 PM, salil GK <[email protected]> wrote:
> >
> > Any help on this would be really great.
> >
> > I have my setup as follows.
> >
> > Client machine -> ATS 1 as forward proxy -> ATS 2 as a forward proxy -> Origin server
> >
> > I am doing proxy chaining. ATS 2 is configured as parent proxy, and there is an ssh tunnel between ATS1 and ATS2.
> >
> > When I send an http request from my client everything works perfectly and the client gets the requested content.
> >
> > But when I send an https request from my client, ATS1 sends back 403 Access denied.
> >
> > I guess we need to make some settings for ATS to forward the CONNECT method.
>
> CONNECT is enabled by default.
>
> You need to figure out who is giving the 403 response. Check ATS access logs, and packet trace from each hop if you have to. Knowing where the 403 comes from will help you figure out what your next step is.
>
> >
> > Can I get some help on configuring ATS for allowing https requests to be forwarded.
> >
> > If I need to upload the origin server certificate in ATS, that is also possible.
> >
> > I don't need to make this setup as an open proxy. Only designated origin server will be supported.
> >
> > Thanks in advance
> > ~S
> >
> > On 9 March 2017 at 04:44, salil GK <[email protected]> wrote:
> > Thanks James for pitching in.
> >
> > So the point is I want to get an https request delivered to the origin server through my proxy. Now it is being dropped I guess. How do I get it done?
> >
> > Thanks in advance
> > ~S
> >
> > On 8 March 2017 at 22:34, James Peach <[email protected]> wrote:
> >
> > > On Mar 8, 2017, at 2:48 AM, salil GK <[email protected]> wrote:
> > >
> > > Basically while analysing the traffic, what I observed is when I access an http site the http header comes as
> > >
> > > ^MHTTPMSG:^M|GET http://10.106.251.95/ HTTP/1.1^MHost: 10.106.251.95^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0^MAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8^MAccept-Language: en-US,en;q=0.5^MAccept-Encoding: gzip^MCookie:<CONCEALED>^MConnection: keep-alive^MUpgrade-Insecure-Requests: 1^M^M|^M
> > >
> > > whereas for https access the http header comes as
> > >
> > > ^MHTTPMSG:^M|CONNECT 10.106.251.95:443 HTTP/1.1^MUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:51.0) Gecko/20100101 Firefox/51.0^MProxy-Connection: keep-alive^MConnection: keep-alive^MHost: 10.106.251.95:443^M^M|^M
> > >
> > > and servers return
> > > Msg="HTTP/1.1 403 Access Denied"
> > >
> > > back to browser
> > >
> > > How do I configure ATS to pass https requests to the origin server?
> >
> > This is a user agent behavior. When user agents make a HTTPS request through a proxy they will use the CONNECT method to establish an end-to-end secure tunnel to the origin.
> >
> > >
> > > Thanks in advance
> > > ~S
> > >
> > > On 8 March 2017 at 14:40, salil GK <[email protected]> wrote:
> > > Hello
> > >
> > > We were trying to set up a forward proxy. I have my remap entry as below.
> > >
> > > >>
> > >
> > > regex_map http://(.{3,1023})/ http://$1/ @plugin=ts_httpallow_remap_plugin.so @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy
> > >
> > > <<
> > >
> > > Httpallow_remap_plugin is used for filtering the origin server.
> > >
> > > If I access an external http site using this server as a proxy, everything works.
> > >
> > > >>
> > >
> > > regex_map https://(.{3,1023})/ https://$1/ @plugin=ts_httpallow_remap_plugin.so @pparam=/etc/trafficserver/etc/httpallowlist.txt @pparam=forwardproxy
> > >
> > > <<
> > >
> > > When I access an https site using this server as my proxy server, it doesn’t work. Also, control doesn’t reach httpallow_remap_plugin. It always shows access denied.
> > >
> > > What could be the problem?
> > >
> > > Thanks in advance
> > >
> > > ~S
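
The two settings named in the top reply, checked together, as an added example that is not part of the thread or of ATS: a Python helper that answers whether a given client may open a CONNECT tunnel to a given port from records.config and ip_allow.config text. The sample config lines and addresses are constructed; the evaluation (first matching src_ip rule decides, no match means refused, src_ip ranges only, ATS built-in defaults not modelled) is a simplified assumption about the ip_allow.config format of that era.

```python
import ipaddress

# Constructed sample configs for this example (not taken from the thread).
RECORDS = "CONFIG proxy.config.http.connect_ports STRING 443\n"
IP_ALLOW = """\
src_ip=127.0.0.1 action=ip_allow method=ALL
src_ip=192.0.2.0-192.0.2.255 action=ip_allow method=ALL
src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=ALL
"""

def connect_ports(records):
    """Port ranges written for proxy.config.http.connect_ports (NULL -> none)."""
    ranges = []
    for line in records.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] != "proxy.config.http.connect_ports":
            continue
        for tok in parts[3:]:
            if tok == "*":
                ranges.append((0, 65535))
            elif tok != "NULL":
                lo, _, hi = tok.partition("-")
                ranges.append((int(lo), int(hi or lo)))
    return ranges

def method_allowed(ip_allow, client, method):
    """Assumed model: the first rule whose src_ip range holds the client decides."""
    addr = ipaddress.ip_address(client)
    for line in ip_allow.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        kv = dict(field.split("=", 1) for field in line.split())
        lo, _, hi = kv["src_ip"].partition("-")
        low, high = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        if low.version != addr.version or not low <= addr <= high:
            continue
        methods = kv.get("method", "ALL").upper().split("|")
        listed = "ALL" in methods or method.upper() in methods
        # ip_allow permits the listed methods; ip_deny blocks the listed ones.
        return listed if kv["action"] == "ip_allow" else not listed
    return False  # assumption: no matching rule means the request is refused

def can_tunnel(records, ip_allow, client, port):
    """True when CONNECT from client to port passes both settings."""
    port_ok = any(lo <= port <= hi for lo, hi in connect_ports(records))
    return port_ok and method_allowed(ip_allow, client, "CONNECT")
```

Scoping the `method=ALL` rule to the designated client range and keeping connect_ports at 443, as in the constructed sample, keeps the tunnel available without turning the box into an open proxy.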
