Comments (6)
I can see how getting the details from the certificate would come in handy - hostname for example. What if we could connect first by IP, get the certificate details, then reconnect using hostname? This would help a lot with hostname-based ACLs in the parent proxy.
from go-any-proxy.
I like your idea tmackay--it adds an additional layer of security. Adding it to the issue.
from go-any-proxy.
I think we (I and @jyotishp) have a PoC implementation for this over go-any-proxy.
Any comments or suggestions would be great.
The first packet, i.e. the HELLO, is captured and the hostname is extracted using sni.go, available in google/tcpproxy. This allows us to make hostname-based connections on parent proxies, so filtering rules remain intact. Further, the initial HELLO packet is retransmitted upon proxy CONNECT. Overall, HTTPS is preserved.
from go-any-proxy.
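The flow described in the comment above, as an added Go example (not the PoC's code and not part of go-any-proxy): read the ClientHello, take the SNI, build a hostname-based CONNECT for the parent proxy, and keep every consumed byte for replay. It parses the hello with crypto/tls rather than the sni.go the comment mentions; `SniffConnect`, `sniffConn`, `hostRE`, `SampleHello`, port 443 and the name `example.test` are assumptions made for the example.

```go
package main
import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"regexp"
)

// sniffConn feeds crypto/tls the client's bytes and refuses to write back.
type sniffConn struct {
	r        io.Reader
	net.Conn // nil: only Read and Write are reached while parsing the hello
}
func (c sniffConn) Read(p []byte) (int, error) { return c.r.Read(p) }
func (sniffConn) Write([]byte) (int, error)    { return 0, io.EOF }

// SNI is client-controlled: restrict it before it reaches a CONNECT line or an ACL.
var hostRE = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$`)

// SniffConnect returns the CONNECT request for the parent proxy and the bytes to replay.
func SniffConnect(r io.Reader, port int) (connect string, replay []byte, err error) {
	var seen bytes.Buffer // every byte taken from the client, ClientHello included
	var host string
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		host = h.ServerName
		return nil, fmt.Errorf("stop after ClientHello")
	}}
	_ = tls.Server(sniffConn{r: io.TeeReader(r, &seen)}, cfg).Handshake() // fails by design
	if !hostRE.MatchString(host) {
		return "", seen.Bytes(), fmt.Errorf("missing or malformed SNI %q", host)
	}
	return fmt.Sprintf("CONNECT %[1]s:%[2]d HTTP/1.1\r\nHost: %[1]s:%[2]d\r\n\r\n", host, port), seen.Bytes(), nil
}

// SampleHello returns a constructed ClientHello, produced locally by crypto/tls.
func SampleHello(name string) []byte {
	c, s := net.Pipe()
	defer s.Close()
	go tls.Client(c, &tls.Config{ServerName: name}).Handshake()
	buf := make([]byte, 4096)
	n, _ := s.Read(buf)
	return buf[:n]
}

func main() {
	connect, replay, err := SniffConnect(bytes.NewReader(SampleHello("example.test")), 443)
	fmt.Printf("%q replay=%dB err=%v\n", connect, len(replay), err)
}
```

When `SniffConnect` returns an error (no SNI, or a non-TLS first packet), the returned bytes still have to be forwarded, and the proxy can only connect by IP as before.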
Just taking a quick pass, looks ok to me. Could you add an optional flag so that it isn't enabled by default? Then I think we could merge a PR.
from go-any-proxy.
Sure, I have made it optional and sent the pull request for the same.
from go-any-proxy.
Thanks for the contribution!
from go-any-proxy.