| View previous topic :: View next topic |
| Author |
Message |
kkg
-
Joined: 26 Jan 2005
Posts: 4
|
 Posted: Fri Mar 04, 2005 12:17 am Post subject: abyss works with proxy server? |
 |
|
I'm running into a problem when using abyss with a very simple proxy server I wrote.
For example, machine A sends a GET request to my proxy, and my proxy (on machine B) forwards it to the abyss server (on machine C). In this case, the payload of the packet says that it's a GET request to machine B, not to machine C where the abyss server is located. It seems that a "400 bad request" is generated by the abyss server. Does anyone know how to solve this problem?
I tried apache and it doesn't have this problem.
Thanks. |
|
| Back to top |
  |
 |
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Fri Mar 04, 2005 11:05 am Post subject: Re: abyss works with proxy server? |
|
|
kkg,
Abyss Web Server is more strict than Apache when it decodes requests. If the request is incoherent, it is refused. That's good for security.
But the problem here is obviously caused by your proxy which doesn't seem to do the things in the right way.
When some one asks for the page http://C/page.html on A, the browser on A will send the following request to the proxy on B:
GET http://C/page.html HTTP/1.1
Header1: blah blah
Header2: blah blah
The proxy should send to C the following request:
GET /page.html HTTP/1.1
Header1: blah blah
Header2: blah blah
Host: C
Via: MyNiceProxy
But if the proxy sends the original request as is to the sever, Abyss will refuse it. Abyss understands that this request is for a proxy and not for a server. It also checks also the validity of the Host header if available.
We recommend that you read the RFC 2616 http://www.faqs.org/rfcs/rfc2616.html for technical details about the HTTP protocol and about proxies. You'll find there what a proxy MUST do and implement to be confomring to the protocol and to work with all HTTP servers.
If you need also advice on how to fix your proxy source code, please send us its source code.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
kkg
-
Joined: 26 Jan 2005
Posts: 4
|
| Posted: Fri Mar 04, 2005 1:19 pm Post subject: |
|
|
aprelium,
Thanks for your reply.
I understand that such feature on abyss is good for security, and I also understand that my proxy is not doing the job.
However I just wanted to know if such feature can be turned off on abyss, which will make my life a bit easier. :) Thanks again.
kkg |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sat Mar 05, 2005 12:22 pm Post subject: |
|
|
| kkg wrote: |
However I just wanted to know if such feature can be turned off on abyss, which will make my life a bit easier. :) Thanks again.
|
You're welcome. Unfortunately, there is no way to turn these security checks off without modifying the web server's code.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
