[Privoxy-users] rewriting the Host header, switching protocols

Sat Jun 17 12:09:05 CEST 2023

Madhu <enometh at meer.net> wrote on 2023-06-15 at 18:17:55:

> *  Fabian Keil <20230323085448.56008ae0 at fabiankeil.de>
> Wrote on Thu, 23 Mar 2023 08:54:48 +0100
> > Madhu <enometh at meer.net> wrote on 2023-03-23 at 09:55:27:
> 
> >> 1.  To rewrite the Host: header of a forwarded request to a target
> >> webserver (based on certain criteria)
> > This is supported and can be done with a client-header filter:
> > https://www.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-FILTER
> >
> > You can use tags or URL patterns to decide when to apply the filter.
> 
> Thanks. I was able to get this working easily with the excellent
> documentation.

Great.

> >> 2. To switch the protocol from HTTPS to HTTP when forwarding a request
> >> to another proxy (typically local, again based on certain criteria)
> >
> > This can be done by rewriting the protocol in the URL
> > in the request line with a client-header filter.
> 
> Since the host isn't available in the client-header-filter I figure
> this means that there has to be as many client filters as there are
> hosts involved.  This is not really a problem.

Actually a dynamic filter can use the $host variable:
https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=default.filter;h=aaf70a3e242c9944248dcac8316cc4599be0b8b8;hb=HEAD#l57

> I think I have a problem if I want to chain a forwarding action after
> the downgrade to http - with a user actions file section like this:
> 
> ```
> { +client-header-filter{downgrade-http-on-wwwhost} \
>  +forward-override{ forward  <http-proxyhost>:<http-proxyport> } }
> wwwhost/
> ```
> called by a `curl -v -x localhost:8118 https://<wwwwhost>' request
> 
> privoxy initially scans a "CONNECT <wwwhost>:443 HTTP/1.1" line from
> curl, correctly applies the client header filters, detects the
> rewritten header and the http downgrade, and rewrites the request
> lines, but the new HTTP request line to send to the forwarding proxy
> is "CONNECT <wwwhost>:80 HTTP/1.1" to establish a proxy tunnel but
> since the protocol is now http I'd like it to be "GET http://<wwwhost>
> HTTP/1.1"
> 
> Does this need a new sort of forwarding action?

Thanks for the report. As it turns out this is a bug.

The attached lightly-tested patch should get this working.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-build_request_line-Use-server_use_ssl-instead-of-cli.patch
Type: text/x-patch
Size: 1299 bytes
Desc: not available
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20230617/b598e22d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20230617/b598e22d/attachment-0001.bin>