Re: [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`

From: Gilles Ducret <gilles.ducret@xxxxxxxxx>
Date: Fri, 29 Aug 2014 10:28:52 +0200
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

Thanks a lot Greg, this makes it more clear to me.

My need is this one (as described in another email): I'd like to mask some of the ajax responses returned by a third party product we acquired. This, to meet company privacy rules.

This means that I need to put "a man in the middle" to intercept the ajax responses and mask the data in some cases.

We use SSL/https to connect to the 3rd party product.

So my question is, if I use the proxy servlet as a transparent proxy, can I use it to modify the ajax responses?

Regards

Gilles

2014-08-29 0:41 GMT+02:00 Greg Wilkins <gregw@xxxxxxxxxxx>:

Gilles,

there are two type of proxies: client configured and transparent.

For client configured proxies, HTTPS connections will be converted to a CONNECT request by the client and an end to end TLS channel created before any requests are sent.

For a transparent proxy, it is the server that decides to proxy the request and it can do so equally for http and https. The TLS connection will be terminated on the proxy server, so it must be able to provide the certificate for the origin server (or be the origin server). If the outgoing link is to be TLS, it is a different TLS session and the proxy is a man-in-the-middle.

ProxyServlet can definitely be used in this mode.

cheers

On 29 August 2014 05:54, Gilles Ducret <gilles.ducret@xxxxxxxxx> wrote:

Hi,

I am asking this question because all the examples I have seen recommand to use a ConnectHandler to manage https connect, and hence https traffic.

By reading the code I understand that this handler creates a socket connection between the client and the server and that all the traffic then goes through this socket.

This means that the ConnectHandler acts as a proxy for https.

I have debugged a lot and noticed that ConnectHandler proxies all the https traffic and ProxyServlet proxies all the http traffic.

Is that correct?

Else how can I proxy the https traffic with a ProxyServlet?

Thanks

Gilles

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev

References:
- [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`
  - From: Gilles Ducret
- Re: [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`
  - From: Greg Wilkins

Prev by Date: Re: [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`
Next by Date: [jetty-dev] Sharing/Binding a java.net.Socket among HTTP threads initialized by Jetty server
Previous by thread: Re: [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`
Next by thread: [jetty-dev] Sharing/Binding a java.net.Socket among HTTP threads initialized by Jetty server
Index(es):
- Date
- Thread

Breadcrumbs