HTTP tunnel: Difference between revisions
{{Short description|Links two network-restricted computers}}

'''HTTP tunneling''' is used to create a network link between two computers in conditions of restricted network connectivity including [[Firewall (computing)|firewalls]], [[Network address translation|NAT]]s and [[Access control list#Networking_ACLs|ACL]]s, among other restrictions. The tunnel is created by an intermediary called a [[proxy server]], which is usually located in a [[DMZ (computing)|DMZ]].

Tunneling can also allow communication using a [[Protocol (computing)|protocol]]

The most common form of HTTP tunneling is the standardized HTTP CONNECT method.<ref>{{cite IETF |title=Upgrading to TLS Within HTTP/1.1 |rfc=2817 |url=https://tools.ietf.org/html/rfc2817 |publisher=[[Internet Engineering Task Force|IETF]]}}</ref> In this mechanism, the client asks an HTTP server to forward the [[Transmission Control Protocol|TCP]] connection to the desired destination. The server then proceeds to make the connection on behalf of the client. Once the connection has been established by the server, the proxy server continues to proxy the TCP stream to and from the client. Only the initial connection request is HTTP; after that, the server simply proxies the established TCP connection.

== HTTP CONNECT method ==

This mechanism is how a client behind an HTTP proxy can access websites using [[Secure Sockets Layer|SSL]] or TLS (i.e. HTTPS). Proxy servers may also limit connections by only allowing connections to the default HTTPS port 443, restricting which hosts may be reached, or blocking traffic which doesn't appear to be SSL.

===Example negotiation===

The client connects to the proxy server and requests tunneling by specifying the port and the host computer to which it would like to connect. The port is used to indicate the protocol being requested.<ref name="rfc7231.4.3.6">{{cite IETF |title=HTTP/1.1 Semantics and Content |rfc=7231 |sectionname=CONNECT |section=4.3.6 |page=30 |date=June 2014 |publisher=[[Internet Engineering Task Force|IETF]] |accessdate=4 November 2017 }}</ref>

<syntaxhighlight lang="http">
CONNECT streamline.t-mobile.com:22 HTTP/1.1
Proxy-Authorization: Basic encoded-credentials
</syntaxhighlight>

If the connection was allowed and the proxy has connected to the specified host, the proxy returns a success response.<ref name="rfc7231.4.3.6">{{cite IETF |title=HTTP/1.1 Semantics and Content |rfc=7231 |sectionname=CONNECT |section=4.3.6 |page=30 |date=June 2014 |publisher=[[Internet Engineering Task Force|IETF]] |accessdate=4 November 2017 }}</ref>

<syntaxhighlight lang="http">
HTTP/1.1 200 OK
</syntaxhighlight>

The client is now being proxied to the remote host. Any data sent to the proxy is forwarded to the remote host, so the client can speak whatever protocol that host accepts.<ref name="rfc7231.4.3.6">{{cite IETF |title=HTTP/1.1 Semantics and Content |rfc=7231 |sectionname=CONNECT |section=4.3.6 |page=30 |date=June 2014 |publisher=[[Internet Engineering Task Force|IETF]] |accessdate=4 November 2017 }}</ref>

In the example below, the client is starting SSH communications, as hinted at by the port number in the initial CONNECT request.

<syntaxhighlight lang="text">
SSH-2.0-OpenSSH_4.3\r\n
...
</syntaxhighlight>

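The negotiation above, run end to end on the loopback interface as an added example (this is not code from the article or from any project it cites): a toy CONNECT proxy parses the request line, refuses ports outside an allowlist with a 403, answers 200 OK otherwise, and then peeks at the first tunnelled bytes for a TLS record header before relaying, which exercises the port and "doesn't appear to be SSL" restrictions mentioned under HTTP CONNECT method. The client side sends the CONNECT request, reads the status line and pushes a payload through the tunnel. The local echo server standing in for the destination host, the status codes chosen for refusals and the TLS header check are assumptions of this example.

```python
import contextlib, queue, socket, threading

# Added example, not the article's code: a toy CONNECT proxy applying two restrictions
# the article mentions (a port allowlist and "does the first packet look like TLS?").

def parse_connect_request(raw):
    # (host, port) from the CONNECT request line; headers are consumed but ignored.
    request_line = raw.partition(b"\r\n")[0].decode("ascii", "strict")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request line: %r" % request_line)
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("authority must be host:port, got %r" % parts[1])
    return host, int(port)

def looks_like_tls_client_hello(data):
    # TLS record header: type 0x16 (handshake), major version 3; an SSH banner fails this.
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def _relay(src, dst):
    # Copy src -> dst until EOF, then half-close dst so the far end sees EOF too.
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    finally:
        with contextlib.suppress(OSError):
            dst.shutdown(socket.SHUT_WR)

def handle_proxy_client(conn, allowed_ports=frozenset({443}), require_tls=True):
    # Serve one proxy client; returns an outcome label that run_demo collects.
    with conn:
        raw = b""
        while b"\r\n\r\n" not in raw and (chunk := conn.recv(4096)):
            raw += chunk
        try:
            host, port = parse_connect_request(raw)
        except ValueError:
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
            return "bad-request"
        if port not in allowed_ports:  # e.g. CONNECT host:22 when only 443 is allowed
            conn.sendall(b"HTTP/1.1 403 Forbidden\r\n\r\n")
            return "forbidden"
        with socket.create_connection((host, port)) as upstream:
            conn.sendall(b"HTTP/1.1 200 OK\r\n\r\n")  # from here on the bytes are opaque
            first = conn.recv(4096)
            if require_tls and not looks_like_tls_client_hello(first):
                return "not-tls"  # tunnel dropped: the payload does not look like TLS
            upstream.sendall(first)
            back = threading.Thread(target=_relay, args=(upstream, conn))
            back.start()
            _relay(conn, upstream)
            back.join()
            return "relayed"

def tunnel_through_proxy(proxy_addr, host, port, payload):
    # Client side: CONNECT, read the status line, push payload; returns (status, bytes back).
    with socket.create_connection(proxy_addr, timeout=5) as c:
        c.sendall(b"CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n" % (host.encode(), port, host.encode(), port))
        resp = b""
        while b"\r\n\r\n" not in resp and (chunk := c.recv(4096)):
            resp += chunk
        status = resp.partition(b"\r\n")[0].decode("ascii", "replace")
        if status.split(" ")[1:2] != ["200"]:
            return status, b""
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        back = b""
        while chunk := c.recv(4096):
            back += chunk
        return status, back

def _listen(handler):
    # Daemon accept loop on an ephemeral loopback port; returns (host, port).
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    def loop():
        while True:
            handler(s.accept()[0])
    threading.Thread(target=loop, daemon=True).start()
    return s.getsockname()

def _echo(conn):  # stands in for the remote host: returns whatever it receives
    with conn:
        while chunk := conn.recv(4096):
            conn.sendall(chunk)

def run_demo():
    # TLS-shaped bytes to an allowed port (relayed), CONNECT to port 22 (refused),
    # an SSH banner on an allowed port (dropped after the 200 once the payload is seen).
    echo_host, echo_port = _listen(_echo)
    outcomes = queue.Queue()
    proxy = _listen(lambda c: outcomes.put(handle_proxy_client(c, {echo_port})))
    hello = b"\x16\x03\x01\x00\x05hello"  # constructed bytes shaped like a TLS record
    ssh = b"SSH-2.0-OpenSSH_4.3\r\n"
    results = {"https": tunnel_through_proxy(proxy, echo_host, echo_port, hello),
               "ssh-port": tunnel_through_proxy(proxy, echo_host, 22, ssh),
               "ssh-payload": tunnel_through_proxy(proxy, echo_host, echo_port, ssh)}
    return results, [outcomes.get(timeout=5) for _ in range(3)]
```

run_demo() returns the three client results and the proxy's outcome labels. The SSH banner sent to an allowed port is accepted at the HTTP layer (200) but the tunnel is dropped as soon as the proxy sees that the payload is not TLS, which is what the "doesn't appear to be SSL" restriction looks like in practice; a real proxy would also check Proxy-Authorization, which this toy ignores.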
== HTTP tunneling without using CONNECT ==

An HTTP tunnel can also be implemented using only the usual HTTP methods such as POST, GET, PUT and DELETE. This is similar to the approach used in Bidirectional-streams Over Synchronous HTTP ([[BOSH (protocol)|BOSH]]).

A special HTTP server runs outside the protected network and a client program runs on a computer inside the protected network. Whenever any network traffic is passed from the client, the client repackages the traffic data as an HTTP request and relays the data to the outside server, which extracts and executes the original network request for the client. The response to the request, sent to the server, is then repackaged as an HTTP response and relayed back to the client. Since all traffic is encapsulated inside normal GET and POST requests and responses, this approach works through most proxies and firewalls.{{efn|{{cite web|title=Bridge: A dynamic port forwarder over HTTP (with HTTP PROXY support) |url=https://github.com/luizluca/bridge |website=[[GitHub]]}}}}

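Because a tunnel of this kind rides on ordinary GET and POST requests, the proxy's access log is where it is most visible. The following is an added example and not the article's or the cited project's code: it parses a constructed access log (the line format and every value in it are made up for the example) and flags client/host pairs whose requests are numerous, POST-heavy and evenly spaced, the shape a relay that polls its outside server tends to leave. The thresholds are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Added example, not the article's code: a heuristic over a constructed proxy access
# log that surfaces client/host pairs whose traffic has the shape of a request/response
# tunnel (a steady stream of small POST and GET requests to one host).

# Constructed log, one request per line:
# timestamp client method host path status bytes_sent bytes_received
SAMPLE_LOG = """\
2023-11-12T15:04:00 10.0.0.5 POST relay.example.net /in 200 1420 60
2023-11-12T15:04:01 10.0.0.7 GET www.example.org / 200 420 18200
2023-11-12T15:04:01 10.0.0.7 GET www.example.org /style.css 200 380 5100
2023-11-12T15:04:02 10.0.0.5 GET relay.example.net /out 200 60 1380
2023-11-12T15:04:02 10.0.0.7 GET cdn.example.com /logo.png 200 360 23000
2023-11-12T15:04:04 10.0.0.5 POST relay.example.net /in 200 1455 60
2023-11-12T15:04:06 10.0.0.5 GET relay.example.net /out 200 60 1402
2023-11-12T15:04:08 10.0.0.5 POST relay.example.net /in 200 1390 60
2023-11-12T15:04:09 10.0.0.5 GET www.example.org /about 200 410 9400
2023-11-12T15:04:10 10.0.0.5 GET relay.example.net /out 200 60 1377
2023-11-12T15:04:12 10.0.0.5 POST relay.example.net /in 200 1430 60
2023-11-12T15:04:14 10.0.0.5 GET relay.example.net /out 200 60 1391
2023-11-12T15:04:40 10.0.0.7 GET www.example.org /news 200 430 31000
"""

FIELDS = ("ts", "client", "method", "host", "path", "status", "bytes_sent", "bytes_received")


def parse_log(text):
    """Parse the constructed format into dicts; blank and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        entry = dict(zip(FIELDS, parts))
        entry["ts"] = datetime.fromisoformat(entry["ts"])
        entries.append(entry)
    return entries


def _interval_cv(times):
    """Coefficient of variation of the gaps between requests: near 0 means the requests
    arrive like clockwork (polling); larger values mean bursty human browsing.
    None when there are too few requests to judge."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else 0.0


def summarize(entries):
    """Per (client, host): request count, share of POSTs and interval regularity."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["client"], e["host"])].append(e)
    stats = {}
    for key, group in groups.items():
        group.sort(key=lambda e: e["ts"])
        posts = sum(1 for e in group if e["method"] == "POST")
        stats[key] = {
            "requests": len(group),
            "post_share": posts / len(group),
            "interval_cv": _interval_cv([e["ts"] for e in group]),
        }
    return stats


def flag_tunnel_candidates(entries, min_requests=8, min_post_share=0.4, max_cv=0.25):
    """Pairs that are busy, POST-heavy and metronomic; the thresholds are assumptions."""
    flagged = []
    for key, s in summarize(entries).items():
        regular = s["interval_cv"] is not None and s["interval_cv"] <= max_cv
        if s["requests"] >= min_requests and s["post_share"] >= min_post_share and regular:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    for client, host in flag_tunnel_candidates(parse_log(SAMPLE_LOG)):
        print("possible HTTP tunnel:", client, "->", host)
```

A long-polling chat or mail client can leave the same shape, so a hit is a lead for an analyst rather than a verdict; min_requests and max_cv are meant to be tuned against a baseline of the network's normal traffic.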
== See also ==

* [[Virtual Extensible LAN|Virtual extensible LAN]]
* [[Network Virtualization using Generic Routing Encapsulation|Network virtualization using generic routing encapsulation]]

==Notes==

{{notelist}}

==References==

{{Reflist}}

{{DEFAULTSORT:Http Tunnel}}

[[Category:Hypertext Transfer Protocol]]
[[Category:Tunneling protocols| ]]
[[Category:Network protocols]]
[[Category:Computer security]]
Revision as of 15:04, 12 November 2023