Category: LINUX
2009-02-11 17:15:09
When an HTTP connection is made through a proxy server, the client (usually the browser) sends the request to the proxy. The proxy opens the connection to the destination, sends the request, receives the response and sends it back to the client.
The HTTP protocol specifies a request method called CONNECT. The client can use the CONNECT method to inform the proxy server that a connection to some host on some port is required. The proxy server, if it allows such connections, tries to connect to the destination address specified in the request header. If the operation fails, it sends a negative HTTP response back to the client and closes the connection. If the operation succeeds, it sends back a positive HTTP response and the connection is considered established. After that, the proxy does not care what data is transferred between the client requesting the connection and the destination. It just forwards data in both directions, acting as a tunnel.
We are interested in the CONNECT method of the HTTP protocol. After the application opens a connection to the proxy server, it must send the connect request in the form of an HTTP request:
    CONNECT <destination_address>:<destination_port> <http_version><CR><LF>
    <header_line><CR><LF>
    <header_line><CR><LF>
    ...
    <header_line><CR><LF>
    <CR><LF>
The proxy server processes the request and tries to make a connection to <destination_address>:<destination_port>.
The proxy server sends back an HTTP response in the form:
    <http_version> <code> <message><CR><LF>
    <header_line><CR><LF>
    <header_line><CR><LF>
    ...
    <header_line><CR><LF>
    <CR><LF>
If it is a positive response (code=200), then after the empty line the proxy begins to act as a tunnel and forwards data. If it is a negative response (code!=200), then the connection is closed after the empty line.
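The client side of the exchange above, as an added example that is not part of the original post: it serializes the CONNECT request, rejects CR/LF in caller-supplied fields so they cannot add extra lines, and parses the proxy's reply up to the empty line. The function names and the sample bytes are assumptions made for illustration.

```python
CRLF = b"\r\n"

def build_connect_request(host, port, headers=None, version="HTTP/1.1"):
    """Serialize CONNECT <host>:<port> <version>, the header lines and the empty line."""
    headers = headers or {}
    if not host or " " in host or not 0 < int(port) < 65536:
        raise ValueError("bad destination")
    fields = [host, version] + [part for kv in headers.items() for part in kv]
    # Refuse CR/LF so a caller-supplied value cannot inject request lines or headers.
    if any("\r" in f or "\n" in f for f in fields):
        raise ValueError("CR or LF in request field")
    lines = [f"CONNECT {host}:{int(port)} {version}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return "\r\n".join(lines).encode("ascii") + CRLF + CRLF

def parse_connect_response(buf):
    """Parse the proxy reply from the bytes received so far.

    Returns None while the empty line has not arrived, otherwise
    (code, message, headers, tunnel_bytes). tunnel_bytes is whatever followed
    the empty line; on a 200 it already belongs to the tunnel, not to HTTP.
    """
    head, sep, rest = buf.partition(CRLF + CRLF)
    if not sep:
        return None  # incomplete: keep reading from the socket
    status, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status)
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), parts[2] if len(parts) == 3 else "", headers, rest

def tunnel_established(parsed):
    """As in the text: code 200 opens the tunnel, any other code means closed."""
    return parsed is not None and parsed[0] == 200

if __name__ == "__main__":
    # Constructed sample reply; the trailing bytes stand in for tunnelled data.
    sample = b"HTTP/1.1 200 Connection established\r\nProxy-Agent: demo\r\n\r\n\x16\x03\x01"
    print(build_connect_request("example.org", 443, {"Host": "example.org:443"}))
    print(parse_connect_response(sample), tunnel_established(parse_connect_response(sample)))
```

Bytes returned as `tunnel_bytes` must be handed to whatever protocol runs inside the tunnel rather than discarded, since the proxy starts forwarding immediately after the empty line.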