
Re: problem with ssh port forwarding for http connections



* Qian Gong (q.gong@tue.nl) [040220 07:16]:
> Hi,
> 
> I am trying ssh port forwarding for http connections by: 
> 	ssh -L2001:www.web.server:80 ssh_server
> Then use mozilla to browse http://localhost:2001. Some web sites can be
> visited successfully. But for some web sites it fails. There are two
> problems.
> 
> 1. If the website uses cookies, it will report the browser does not
> support cookies.
> 2. Some web sites are "access denied".
> 
> Does it mean ssh port forwarding is not fully functional with http
> connections? Is the mechanism of ssh port forwarding different from that
> of iptables? 

No and yes.  SSH works just fine for setting up a simple tcp proxy.
What you'll probably need for general-purpose browsing is a dedicated
HTTP proxy.  The reason is that HTTP 1.1 makes use of a Host: header
in each request.  The client informs the server what hostname it's using
via this header.  In this way, servers can implement name-based virtual
hosting, wherein different sites are presented at the same IP address
based on varying Host headers.  If your browser thinks it's talking to a
host called "localhost", it will send a header "Host: localhost", which
will break for sites using name-based virtual hosts (which include quite a
few sites) and cookies, since cookies are used per-domain.  Using an
HTTP proxy should allow you to work through both of these issues.  You
might consider installing tinyproxy on ssh_server (in your example).
Then create an ssh tunnel something like -L 8080:localhost:8080 and set
your browser to use localhost:8080 as an HTTP proxy.  Then browse as
usual, without having to resort to using "http://localhost:2001/".  The
browser should send the HTTP proxy requests through the ssh tunnel to
the tinyproxy running on the ssh_server.  This is a simple but effective
solution; if you find yourself using proxy-based browsing frequently,
you may find that you prefer one of the many more full-featured (e.g.
caching) proxies available in place of tinyproxy.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."	--Benjamin Franklin
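
The Host header behaviour described in the reply above, as an added example that is not part of the original message: a local name-based virtual host sits behind a plain TCP relay standing in for `ssh -L`, and the same request is sent with the two Host values. The `SITES` table, the helper names and the loopback ports are assumptions made for the demonstration.

```python
import http.client, http.server, socket, threading

SITES = {"www.web.server": b"welcome to www.web.server"}  # constructed vhost table

class VHost(http.server.BaseHTTPRequestHandler):  # name-based vhost: site chosen by Host header
    def do_GET(self):
        name = (self.headers.get("Host") or "").split(":")[0]
        body = SITES.get(name, b"access denied")
        self.send_response(200 if name in SITES else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def pipe(src, dst):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def forward(listener, target):
    """Byte-for-byte TCP relay standing in for `ssh -L` (no HTTP awareness)."""
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(target)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pipe, args=(a, b), daemon=True).start()

def start():
    """Start server and relay on free loopback ports; return the relay port."""
    web = http.server.ThreadingHTTPServer(("127.0.0.1", 0), VHost)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=forward, args=(listener, web.server_address), daemon=True).start()
    return listener.getsockname()[1]

def fetch(port, host_header):
    """GET / through the relay with the given Host header; return (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    return resp.status, resp.read().decode()

if __name__ == "__main__":
    port = start()
    for host in (f"localhost:{port}", "www.web.server"):  # tunnel URL vs. real name
        print(host, "->", fetch(port, host))
```

The relay passes the bytes through unchanged, so the server only ever sees whatever name the client put in the Host header. With an HTTP proxy reached through the tunnel, the browser keeps the real site name in each request.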
