[hybi] Proposal for a clean way to detect non-HTTP compliant transparent proxies
Willy Tarreau <w@1wt.eu> Wed, 21 July 2010 22:51 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B8F573A680F for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 15:51:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.529
X-Spam-Level:
X-Spam-Status: No, score=-3.529 tagged_above=-999 required=5 tests=[AWL=-1.486, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9s5JPdjCou1o for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 15:51:56 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 7E0493A659C for <hybi@ietf.org>; Wed, 21 Jul 2010 15:51:55 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o6LMqAIX007093 for hybi@ietf.org; Thu, 22 Jul 2010 00:52:10 +0200
Date: Thu, 22 Jul 2010 00:52:10 +0200
From: Willy Tarreau <w@1wt.eu>
To: hybi@ietf.org
Message-ID: <20100721225210.GE6475@1wt.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
Subject: [hybi] Proposal for a clean way to detect non-HTTP compliant transparent proxies
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 22:51:56 -0000
I've just thought about a way to fix the initial handshake so that it works with proper HTTP-compliant implementations but still fails through non-compliant transparent proxies. Let's have the client send the initial handshake request to the server. This handshake is only made of HTTP headers. The client completes the request with "Connection: close" so that a transparent intermediate does not wait for a possible second request in case it does not understand the upgrade response : GET /xxxx HTTP/1.1 Upgrade: WebSocket Connection: close ... ws headers ... ... \r\n The server will send : HTTP/1.1 101 Swithing protocols Upgrade: WebSocket Content-length: 0 Connection: close ... ws headers ... ... \r\n any-form-of-hello-message (eg: the server's protocol version) That way, if a transparent proxy does not have explicit support for 101, it will only forward the headers with an empty body (CL: 0) and close the connection towards the client. The client then gets an empty response without the in-protocol HELLO message and knows that an intermediate is in the way and is not compatible. The only way for such a response to pass unmolested to the client is for intermediates to have a proper understanding of the 101/Upgrade mechanism which implies that any data after the empty line is to be tunnelled, despite Content-length: 0. It also has the nice advantage of being compatible with HTTP, which means that ISPs making use of transparent proxies will have no problem adding reliable cache-bypass rule which relies on the Upgrade: header. Any thoughts ? Willy
- [hybi] Proposal for a clean way to detect non-HTT… Willy Tarreau
- Re: [hybi] Proposal for a clean way to detect non… Willy Tarreau
- Re: [hybi] Proposal for a clean way to detect non… Greg Wilkins
- Re: [hybi] Proposal for a clean way to detect non… Willy Tarreau
- Re: [hybi] Proposal for a clean way to detect non… Jamie Lokier
- Re: [hybi] Proposal for a clean way to detect non… Willy Tarreau
- Re: [hybi] Proposal for a clean way to detect non… Greg Wilkins
- Re: [hybi] Proposal for a clean way to detect non… Roy T. Fielding
- Re: [hybi] Proposal for a clean way to detect non… Willy Tarreau
- Re: [hybi] Proposal for a clean way to detect non… Willy Tarreau