Re: Proxy Tunneling (via the HTTP CONNECT method)
Re: Proxy Tunneling (via the HTTP CONNECT method)
- Subject: Re: Proxy Tunneling (via the HTTP CONNECT method)
- From: "Peter Lovell" <email@hidden>
- Date: Thu, 6 Nov 2003 21:55:42 -0500
>
I just learned about the HTTP CONNECT method, the spec for which is a now
>
obsolete but yet widely implemented internet draft, (for those interested,
>
this can be found at
>
http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-t
>
unneling-01.txt.)
>
>
The CONNECT(host,port) method, if implemented by a particular Proxy,
>
establishes a "tunneled" connection through the Proxy to the destination
>
server located at host,port. The orignal intent was to establish a tunnel
>
to port 443 for SSL, but it also allows for tunneling to port 80 for HTTP.
>
My question is, can it also be used for establishing a direct connection
>
(i.e. straight TCP) to a high port? I realize this would depend on which
>
Proxy, but the question is whether *most* proxies would allow this. Does
>
anyone know?
>
--
Hi Larry,
I don't know how widely this is implemented, but it certainly is out there.
Some proxies restrict it to 443 only, some other even check that the
traffic on 443 is SSL. Obviously they can't do that entirely as then
there could be a man-in-the-middle attack on the SSL session, but those
which do look at the handshake to see if it looks like SSL.
Another consideration is that some configurations can be used as open
relays, so sysadmins have tended to impose restrictions. I don't know if
these issue would impact your anticipated usage, but they'd be worth checking.
Regards.....Peter
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.