2

I'm trying to create a proxy in Java which proxies HTTP and HTTPS URLs. (I'm using Tomcat 8.0.14. I have set up Tomcat to receive HTTPS connections on port 8443, although this shouldn't be necessary to use Tomcat as an HTTPS proxy. But either way I get the same behaviour.) I've got it working using HTTP, but when I use HTTPS, it seems that Tomcat just rejects the connection and doesn't even call my servlet.

To illustrate this, I've created an example "Hello World" servlet mapped to "/*" in my web.xml.

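import java.io.IOException;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;

public class HelloWorldProxy extends HttpServlet {
    @Override
    public void service(ServletRequest req, ServletResponse res)
            throws ServletException, IOException {
        // Log every request that reaches the servlet, then dispatch as usual.
        System.out.println("Hello, World! " + ((new Date()).toString()));
        super.service(req, res);
    }
}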

I set "localhost:8080" as the proxy for HTTP and HTTPS requests in Firefox as a test. Behaviour:

Does anyone know why this is?

Adam Burley
  • Proxying https is a man in the middle attack. The browser tries to verify that its connection is with the target server, not a proxy. See also http://stackoverflow.com/questions/516323/https-connections-over-proxy-servers – flup Aug 25 '15 at 06:13
  • As Bruno commented on the linked answer, an HTTP proxy is not a "man in the middle" in this sense. For example, we use a proxy at work called CNTLM which authenticates with our corporate NTLM proxy. Both CNTLM and the corporate proxy work fine with HTTPS connections. In the corporate proxy case you could imagine this may be achieved using a certificate that is rolled out to all corporate machines, but for a locally-installed CNTLM there is no such process. There's no need for the proxy to decrypt the HTTPS traffic and therefore have a certificate. – Adam Burley Aug 25 '15 at 17:29

1 Answer

0

For me it is so far not clear which part of the connection is not working. As far as I understood, your setup looks like

client <---> my-tomcat-proxy <---> some webpage

If the https connection between the client and your tomcat does not work, you may need to extend your tomcat config xml with an SSL connector, see Apache Tomcat 6.0 SSL Configuration HOW-TO for more details.

I had the same problem that my tomcat did not reply to client-side https requests. My problem was that I did not configure the tomcat properly to accept https connections.

Westranger
  • I have set up tomcat to accept https connections as per my question and this works fine (when the tomcat server is called as a standalone server rather than as a proxy). However this should also not be necessary to create an HTTPS proxy in the sense of the HTTP specification. The connection between the client and proxy is not end-to-end HTTPS as the proxy is just proxying encrypted traffic between a host and client. There are not two separate HTTPS connections between the client and proxy and proxy and host. It's all one connection with a single SSL certificate. – Adam Burley Aug 27 '15 at 14:30
  • The guide you refer to is about setting up a standalone server where the HTTPS encryption terminates at the proxy. My server can already do this but this is not the goal I am trying to achieve. I have posted all my code and setup in my question. If you are able to get it working and post how you did it, then I will accept your answer. However I suspect your current answer is based on your experience working with standalone HTTPS servers and not with HTTPS proxies. – Adam Burley Aug 27 '15 at 14:32
  • Hi Westranger, the answer did not help me to solve my problem, as per my comments above which you have not replied to. – Adam Burley Jul 15 '16 at 11:49
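
The behaviour discussed in the comments above, a proxy that relays encrypted traffic without terminating TLS, is what the HTTP CONNECT method provides: a browser configured with an HTTP proxy sends a plaintext `CONNECT host:443 HTTP/1.1` request for each HTTPS URL and starts the TLS handshake through the proxy only after a 2xx reply. The following is an added example, not code from the question or the answer; the class name `ConnectTunnel`, port 8888, and the policy of tunnelling only to port 443 on plain hostnames or IPv4 addresses are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

// Added example, not the asker's code. Class name and port 8888 are assumptions.
public class ConnectTunnel {
    public static void main(String[] args) throws IOException {
        ServerSocket server = new ServerSocket(8888, 50, InetAddress.getLoopbackAddress());
        while (true) {
            Socket client = server.accept();
            new Thread(() -> handle(client)).start();
        }
    }

    static void handle(Socket client) {
        try (Socket c = client) {
            OutputStream out = c.getOutputStream();
            // Read the plaintext header block byte by byte so no TLS bytes are swallowed.
            StringBuilder head = new StringBuilder();
            for (int b; head.length() < 8192 && (b = c.getInputStream().read()) != -1; ) {
                head.append((char) b);
                if (head.indexOf("\r\n\r\n") >= 0) break;
            }
            String[] parts = head.toString().split("\r\n", 2)[0].split(" ");
            // Accept only "CONNECT host:443 HTTP/1.1" so the proxy is not a tunnel to arbitrary services.
            if (parts.length != 3 || !parts[0].equals("CONNECT") || !parts[1].matches("[A-Za-z0-9.-]+:443")) {
                out.write("HTTP/1.1 403 Forbidden\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                return;
            }
            try (Socket upstream = new Socket(parts[1].substring(0, parts[1].length() - 4), 443)) {
                out.write("HTTP/1.1 200 Connection Established\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                Thread back = new Thread(() -> pump(upstream, c));
                back.start();
                pump(c, upstream); // from here on the proxy only relays opaque TLS records
                back.join();
            }
        } catch (IOException | InterruptedException e) { /* peer closed or upstream unreachable */ }
    }

    static void pump(Socket from, Socket to) {
        try {
            byte[] buf = new byte[8192];
            for (int n; (n = from.getInputStream().read(buf)) != -1; ) to.getOutputStream().write(buf, 0, n);
            to.shutdownOutput(); // propagate end-of-stream to the other side
        } catch (IOException e) {
            try { to.close(); } catch (IOException ignored) { } // unblock the opposite pump
        }
    }
}
```

The proxy learns only the target host name and port from the CONNECT line; certificate validation still happens end to end between the browser and the origin server.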