>> We have 30+ clients all using HTTP proxies to connect to our database. It
>> works be cause as previously stated you must use SSL. That is, as soon as
>> you specify the target port to be 443, the proxy has to let the packets
>> pass through un touched otherwise SSL handshake will not work. We haven't
>> found a HTTP proxy that doesn't work with this technique.
>
> The proxies pass the data through to where? How does the proxy know where
> to forward the data on to unless it can inspect the headers of the
> request?
>
> No, if you are using a general HTTP proxy for an outgoing connection, the
> client software needs to be proxy aware, enough to tell the proxy which
> server it wants to connect to. This is done using the CONNECT command. SSL
> handshake occurs after that with the target server once that connection is
> set up.
Sorry if it wasn't clear but I never said that the client does not have to
be proxy aware...
Please read my first email with attached source code. In the source code is
how to attach to a proxy server, with or without basic authentication. I
probably didn't make it clear what was in that code...
Once connected to a proxy and you have specified HTTPS as the target
protocol (port 443), the proxy does not do any protocol inspection because
its expecting the byte stream to be encrypted and would therefore be a
pointless exercise. In this mode the HTTP proxy server, as stated by Samuel
Gendler, behaves much like a SOCKS proxy, passing un-inspected packets
between client and host.
You either need to modify the JDBC driver code to make it proxy aware (see
my original post for the source code on how) or you need to provide your own
implementation for the standard SocketFactory, via
Socket.setSocketImplFactory(SocketImplFactory fac), and provide your proxy
connection code here.
I'm not saying its easy and am with the majority here in saying its a lot of
effort to make it work and behave nicely and should be avoided where ever
possible!
