You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2013/10/02 15:18:26 UTC

[jira] [Issue Comment Deleted] (HTTPCLIENT-1406) https on port 80 over proxy caused the http client to go into an infinite loop

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1406:
------------------------------------------

    Comment: was deleted

(was: I am unable to reproduce the problem with HttpClient 4.3

{noformat}
executing request: GET / HTTP/1.1
via proxy: http://localhost:8080
to target: https://localhost:80
2013/10/02 14:11:34:565 GMT+01:00 [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2013/10/02 14:11:34:574 GMT+01:00 [DEBUG] RequestAuthCache - Auth cache not set in the context
2013/10/02 14:11:34:575 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {tls}->http://localhost:8080->https://localhost:80][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
2013/10/02 14:11:34:588 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {tls}->http://localhost:8080->https://localhost:80][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2013/10/02 14:11:34:599 GMT+01:00 [DEBUG] MainClientExec - Opening connection {tls}->http://localhost:8080->https://localhost:80
2013/10/02 14:11:34:603 GMT+01:00 [DEBUG] HttpClientConnectionManager - Connecting to localhost/127.0.0.1:8080
2013/10/02 14:11:34:609 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> CONNECT localhost:80 HTTP/1.1
2013/10/02 14:11:34:609 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Host: localhost:80
2013/10/02 14:11:34:609 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Proxy-Connection: Keep-Alive
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << HTTP/1.0 407 Proxy Authentication Required
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Server: squid/2.5.STABLE13
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Mime-Version: 1.0
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Date: Wed, 02 Oct 2013 13:11:34 GMT
2013/10/02 14:11:34:612 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Type: text/html
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Length: 1265
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Expires: Wed, 02 Oct 2013 13:11:34 GMT
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Proxy-Authenticate: Basic realm="test-proxy"
2013/10/02 14:11:34:613 GMT+01:00 [DEBUG] headers - http-outgoing-0 << X-Cache: MISS from localhost
2013/10/02 14:11:34:614 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Proxy-Connection: close
2013/10/02 14:11:34:616 GMT+01:00 [DEBUG] HttpAuthenticator - Authentication required
2013/10/02 14:11:34:616 GMT+01:00 [DEBUG] HttpAuthenticator - localhost:8080 requested authentication
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for negotiate authentication scheme not available
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for NTLM authentication scheme not available
2013/10/02 14:11:34:617 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Challenge for Digest authentication scheme not available
2013/10/02 14:11:34:633 GMT+01:00 [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC]
2013/10/02 14:11:34:634 GMT+01:00 [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2013/10/02 14:11:34:635 GMT+01:00 [DEBUG] HttpClientConnectionManager - Connecting to localhost/127.0.0.1:8080
2013/10/02 14:11:34:635 GMT+01:00 [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> CONNECT localhost:80 HTTP/1.1
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Host: localhost:80
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Proxy-Connection: Keep-Alive
2013/10/02 14:11:34:637 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Proxy-Authorization: Basic xxxxxxxx
2013/10/02 14:11:34:638 GMT+01:00 [DEBUG] headers - http-outgoing-0 << HTTP/1.0 200 Connection established
2013/10/02 14:11:34:638 GMT+01:00 [DEBUG] HttpAuthenticator - Authentication succeeded
2013/10/02 14:11:34:639 GMT+01:00 [DEBUG] ProxyAuthenticationStrategy - Caching 'basic' auth scheme for http://localhost:8080
2013/10/02 14:11:34:639 GMT+01:00 [DEBUG] MainClientExec - Tunnel to target created.
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] MainClientExec - Executing request GET / HTTP/1.1
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> GET / HTTP/1.1
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Host: localhost:80
2013/10/02 14:11:34:890 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2013/10/02 14:11:34:891 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.3.1-SNAPSHOT (java 1.5)
2013/10/02 14:11:34:891 GMT+01:00 [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2013/10/02 14:11:34:891 GMT+01:00 [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Date: Wed, 02 Oct 2013 13:11:34 GMT
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Server: Apache/2.2.22 (Ubuntu)
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Last-Modified: Sat, 13 Apr 2013 09:48:25 GMT
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << ETag: "2111e-b1-4da3aebc22fcf"
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Accept-Ranges: bytes
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Vary: Accept-Encoding
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Length: 146
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Keep-Alive: timeout=5, max=100
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2013/10/02 14:11:34:892 GMT+01:00 [DEBUG] headers - http-outgoing-0 << Content-Type: text/html
2013/10/02 14:11:34:894 GMT+01:00 [DEBUG] MainClientExec - Connection can be kept alive for 5000 MILLISECONDS
2013/10/02 14:11:34:909 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: {tls}->http://localhost:8080->https://localhost:80] can be kept alive for 5.0 seconds
2013/10/02 14:11:34:910 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {tls}->http://localhost:8080->https://localhost:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2013/10/02 14:11:34:910 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection manager is shutting down
2013/10/02 14:11:34:910 GMT+01:00 [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2013/10/02 14:11:34:911 GMT+01:00 [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2013/10/02 14:11:34:911 GMT+01:00 [DEBUG] PoolingHttpClientConnectionManager - Connection manager shut down
----------------------------------------
HTTP/1.1 200 OK
Response content length: -1
{noformat})

> https on port 80 over proxy caused the http client to go into an infinite loop
> ------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1406
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1406
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.5
>            Reporter: Jason Webb
>
> Using a proxy configuration of https on port 80 sends the http client into an infinite loop.  Creating mini dos attack on the proxy server.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org