[Privoxy-users] Privoxy sending "Connection: close" after CONNECT method causes some upstream proxies to drop the connection.

Fabian Keil fk at fabiankeil.de
Wed Dec 7 11:03:29 UTC 2016


Marc Thomas <marc at dragonfly.plus.com> wrote:

> We have a web application at a number of sites which connects home via a
> private Privoxy instance at each site. In some cases there is also an
> upstream HTTP proxy which Privoxy forwards onto. The web application
> uses the HTTP CONNECT method to create a tunnel which is then secured
> with TLS.
> 
> What I have found at two sites with upstream proxies is the tunnel
> cannot be established. It would seem (from a trace) that Privoxy is
> adding "Connection: close" after the "CONNECT", and the upstream proxy
> then closes the connection instead of going into tunnel mode.

That's strange behaviour, whether or not the Connection header is set
shouldn't matter.

> If I telnet to the port of the upstream proxy and issue the CONNECT
> manually, it does not immediately close the connection unless I also add
> "Connection: close".
> 
> So, is there a way to prevent Privoxy sending "Connection: close" when
> forwarding a CONNECT method to an upstream proxy?
> 
> The environment is Privoxy 3.0.21 running on SLES11p3. I'm happy to
> re-compile Privoxy if required, but I don't know what the original build
> options were.

There is no option for this but you could try adding:

   if (csp->http->ssl != 0)
   {
      return JB_ERR_OK;
   }

before the "log_error()" call in parser.c's client_connection_header_adder().

If that doesn't make a difference, a log excerpt that shows the problem
would be useful.

Note that Privoxy 3.0.21 is severely out of date and contains known
security issues which your distro may not have backported, as you have
to recompile Privoxy anyway, you may want to update while your at it.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20161207/45f4beb7/attachment.bin>


More information about the Privoxy-users mailing list