feickholt

HTTP Header modification (especially HOST Part)

We use PAT on our Check Point FW to select different source Internet IP addresses for outgoing connections. We need this for a special piece of software.

What we expect:

http://www.a.com should be accessed with different source IP addresses.

So we built a rule for setting the port (in this example I use a fixed port number; in reality we use some information to calculate it):

url.port = 30071

Now the proxy connects to the server using port 30071.

The FW uses PAT to translate this => use source A, connect to the URL using port 80 (url.port 30072 will use source B, port 80, and so on).

On most servers this works great.

On some servers we receive an error.

Reason: in the HTTP header the Host part is set to www.a.com:30071.

The server ignores that the packet was received on port 80. It sends a code 302 (page moved to www.a.com). Now the client sends the request again and the proxy modifies the port again to 30071.... result: LOOP.

I find no way to change the Host part to a value without port information without losing the possibility to send the packet to port 30071.

The other solution might be to set the URI value to an absolute value. Then the server must ignore the Host part (as defined in HTTP 1.1). But I find no way to change this part?

Any suggestions?

feickholt

Re: HTTP Header modification (especially HOST Part)

I found a way to modify the URI value, but unfortunately the proxy encodes the URL.

If I set url.path to the whole URL, the HTTP GET contains the whole URL, but the : is encoded to %3a.

Any way to change this?

Here is a simulation using telnet.

First using %3A in the GET (encoded):

---------------------------------------------------------------------------
telnet 12.161.242.20 30071
Trying 12.161.242.20...
Connected to 12.161.242.20.
Escape character is '^]'.
GET http%3A//onlinelibrary.wiley.com/ HTTP/1.1
Host: onlinelibrary.wiley.com:30071
Connection: close
User-Agent: Mozilla

HTTP/1.1 400 Bad Request
Set-Cookie: OLProdServerID=1026; domain=.wiley.com;path=/
Date: Wed, 24 Apr 2013 08:37:35 GMT
Server: Apache
Content-Length: 226
Connection: close
------------------------------------------------------------------

Here using an unencoded ':':

telnet 12.161.242.20 30071
Trying 12.161.242.20...
Connected to 12.161.242.20.
Escape character is '^]'.
GET http://onlinelibrary.wiley.com/ HTTP/1.1
Host: onlinelibrary.wiley.com:30071
Connection: close
User-Agent: Mozilla

HTTP/1.1 200 OK
Set-Cookie: OLProdServerID=1027; domain=.wiley.com;path=/
Date: Wed, 24 Apr 2013 08:38:48 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache

Message edited by feickholt on 24.04.13 03:49:00 CDT
McAfee Employee

Re: HTTP Header modification (especially HOST Part)

Hi Feickholt,

Changing the URL.Port will result in the behavior you observed (www.a.com becomes www.a.com:30071).

I think you are going down the wrong path with your second post.

What I would suggest trying is a next hop proxy. This will make the MWG leave the request alone, but make the request to the port you define in the next hop proxy.

Best,

Jon

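To make the exchange above concrete, here is an added Python simulation (not code from this thread, from McAfee Web Gateway, or from any origin server): a toy HTTP/1.1 origin that derives the effective request URI the way HTTP/1.1 prescribes (RFC 2616 §5.2, now RFC 7230 §5.5: with an absolute-form request-target the Host header is ignored), fed with the three request shapes discussed in the question and in Jon's reply. It covers the origin-form request carrying the alternate port in Host that caused the 302 loop, the absolute-form request whose ':' the proxy turned into %3A (which the origin rejects with 400 because "http%3A" is not a scheme), and the request a next-hop proxy configuration would emit with the HTTP message left alone. www.a.com, port 30071 and the next-hop address are assumed values, and so is the assumption that the next hop is the origin's PAT-translated alternate port.

```python
"""Constructed demonstration, not code from the thread or from MWG: a toy
HTTP/1.1 origin that reads the effective request URI per RFC 2616 §5.2 /
RFC 7230 §5.5, plus builders for the request shapes the thread discusses.
www.a.com, port 30071 and the next hop are assumed values for illustration.
"""
import re
from urllib.parse import urlsplit

CANONICAL_HOST = "www.a.com"   # assumed: the name the origin redirects to
LISTEN_PORT = 80               # assumed: the port PAT delivers the packet to

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")


# ---- client side: what leaves the proxy under each approach ----------------
def port_rewrite_request(url: str, alt_port: int):
    """url.port = alt_port: the proxy connects to the origin on alt_port and,
    since the port is now part of the URL, advertises it in Host."""
    u = urlsplit(url)
    req = (f"GET {u.path or '/'} HTTP/1.1\r\nHost: {u.hostname}:{alt_port}\r\n"
           f"Connection: close\r\nUser-Agent: Mozilla\r\n\r\n")
    return u.hostname, alt_port, req.encode()


def next_hop_request(url: str, next_hop: tuple):
    """Next-hop proxy: the TCP connection goes to next_hop, the HTTP message
    is left alone (absolute-form target, Host without a port)."""
    u = urlsplit(url)
    req = (f"GET {url} HTTP/1.1\r\nHost: {u.netloc}\r\n"
           f"Connection: close\r\nUser-Agent: Mozilla\r\n\r\n")
    return next_hop[0], next_hop[1], req.encode()


def raw_request(target: str, host: str) -> bytes:
    """Hand-built request, to reproduce the telnet tests from the thread."""
    return (f"GET {target} HTTP/1.1\r\nHost: {host}\r\n"
            f"Connection: close\r\nUser-Agent: Mozilla\r\n\r\n").encode()


# ---- server side: how the origin reads those bytes -------------------------
def effective_authority(raw: bytes) -> str:
    """Return the host[:port] the origin acts on; raise ValueError (-> 400).

    absolute-form target: authority comes from the target, Host is ignored.
    origin-form target:   authority comes from the Host header.
    """
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1").split("\r\n")
    m = REQUEST_LINE.match(head[0])
    if not m:
        raise ValueError("malformed request line")
    target = m.group(2)
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    if target.startswith("/"):                          # origin-form
        if "host" not in headers:
            raise ValueError("HTTP/1.1 request without Host")
        return headers["host"]
    u = urlsplit(target)                                # absolute-form
    if u.scheme.lower() != "http" or not u.netloc:      # "http%3A//..." has no scheme
        raise ValueError(f"bad absolute-form target {target!r}")
    return u.netloc


def handle(raw: bytes) -> int:
    """Toy origin: 302 to its canonical URL when addressed by any other
    authority, the behaviour that produced the loop in the thread."""
    try:
        authority = effective_authority(raw)
    except ValueError:
        return 400
    host, _, port = authority.partition(":")
    if port and not port.isdigit():
        return 400
    if host.lower() != CANONICAL_HOST or (port and int(port) != LISTEN_PORT):
        return 302   # Location: http://www.a.com/ ; the proxy rewrites the port again
    return 200


URL, ALT_PORT = "http://www.a.com/", 30071
NEXT_HOP = ("www.a.com", ALT_PORT)   # assumed: origin's alternate port, PAT -> :80

if __name__ == "__main__":
    _, _, rewritten = port_rewrite_request(URL, ALT_PORT)
    _, _, via_hop = next_hop_request(URL, NEXT_HOP)
    encoded = raw_request("http%3A//www.a.com/", f"www.a.com:{ALT_PORT}")
    for name, req in [("url.port rewrite", rewritten), ("next hop", via_hop),
                      ("%3A in target", encoded)]:
        print(f"{name:16s} -> {handle(req)}")
```

handle() models what the standard requires, not any particular server: as the thread notes, most origins tolerate the port in Host and some do not, so the 302 branch is the behaviour of the strict minority that triggered the loop. The point the simulation makes is that the destination port the firewall keys its PAT on is a property of the TCP connection, while Host and the request-target are properties of the HTTP message; the next-hop approach changes the former without touching the latter.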
feickholt

Re: HTTP Header modification (especially HOST Part)

This may work, but not in our environment.

We use this configuration for 200 predefined sites.

Each PAT (port -> IP source translation) is able to use every site.

We use this to identify intranet user groups on special internet sites we have to pay for. Using their logs we can distribute the costs. (I know, a very special solution.)
