mitmproxy reverse proxy - want SSL only on non-standard port
Question
I want a reverse proxy (using mitmproxy/mitmdump) for an insecure site. I want the proxy to run on a non-standard port (not 443) and to be accessible only via https. This is the closest I've gotten:
mitmdump -p 2112 --mode reverse:http://localhost:41781 --set block_global=false --certs full.pem
This works when I access it via https: https://localhost:2112 . The problem is, it is also accessible via http: http://localhost:2112 .
How do I disable that and make it only accessible via https?
2 answers
solution1
1 2019-11-16 16:55:26
I have to agree with Steffen. Try to use nginx, f5 or other tools as they are more suitable to be used as a reverse proxy. Although, if you really want to stick with mitm , there should be an option called http2 which takes in a boolean to disable http access like this --no-http2 . So your command should look like something like this
mitmdump -p 2112 --mode reverse:http://localhost:41781 --no-http2 --set block_global=false --certs full.pem
solution2
0 2019-11-18 13:56:13
(Obligatory: Use Apache/nginx/... if you need a production-grade reverse proxy)
Mitmproxy currently always supports both HTTP and HTTPS to simplify setups (we had lots of bug reports because of misconfigurations). If you want to disable HTTP, you could write an addon that detects flow.request.scheme == "http" and then either invokes flow.kill() or sets flow.response = mitmproxy.http.HTTPResponse.make(<redirect data here>) . Lastly, you can also make sure to set HSTS headers in the response hook in mitmproxy.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.