Is it possible to edit HTTP request using fiddler so that my asp.net application hosted elsewhere return true for the following code block
HttpContext.Current.Request.Url.Host == "localhost"
Sure you can. Simply add the following:
if (oSession.hostname == "fakelocal"){
oSession.hostname = "localhost";
oSession["x-overrideHost"] = "123.1.1.1"; // <-- Server IP here!
}
Then, use the url: http://fakelocal/whatever in the client.
Fiddler will change the host header to "LOCALHOST" and direct the request to the server IP of your choice.
Note, of course, that this won't work if there's a proxy upstream, because upstream proxies do their own DNS lookups.
Related
I use asp.net Identity with AzureAD as an external Identity provider in my Balzor server side app. In development environment (localhost) logging in works fine. When I deploy the app to an on premise server in a docker image behind Nginx, it does not. Microsoft sends the error message AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application. I have added the proper reply URL to Azure portal. As far as I can tell, the request uses http, while https should be used, which causes the error.
Since Nginx handles secure transport, the headers need to be forwarded, so I configured Nginx and enabled Header forwarding in Startup.ConfigureServices:
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.ForwardLimit = 1;
options.KnownProxies.Add(IPAddress.Parse("123.xxx.xxx.xxx"));
});
and at the very beginning of Startup.Configure:
app.UseForwardedHeaders();
app.UseHsts();
// should not be necessary but I tried with and without
//app.UseHttpsRedirection();
When I enable logging, I think I see that the correct header is forwarded from Nginx:
...
Header: X-Forwarded-For: 123.xxx.xxx.xxx
Header: X-Forwarded-Proto: https
...
To me it looks like ChallengeResult() in ExternalLogin.Post is not using the forwarded headers and sends http://my.domain.ch/signin-oidc instead of https:// as reply URL, which causes the error.
I ran out of ideas what else I could try, any suggestions please?
After some digging I found the mistake: I did add the wrong proxy IP. Since my asp.net app is hosted on docker, I had to add the IP address of the docker image as proxy, not the IP of the server which hosts nginx and docker. In fact, I added the default network used by docker
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("172.17.0.0"), 16));
I am using haproxy in front of my web-server for ssl termination.
I am forwarding request on port 81 if request is https and 80 if request is normal http-
backend b1_http
mode http
server bkend_server
backend b1_https
mode http
server bkend_server:81
Problem is, when haproxy sends request to back-end, it sends HTTP_HOST header as request.domain.com:81.
Is it possible in haproxy that I can send https request to back-end at specific port without appending the port in HTTP_HOST request header?
There are two issues, here.
First, there is no HTTP_HOST header. The header is Host:. It sounds like HTTP_HOST is something being generated internally by your web server or framework.
Second, HAProxy doesn't modify the Host: header just because your back-end is listening on a port other than 80. It doesn't actually modify the Host: header at all, unless explicit configured to, using a mechanism like reqirep ^Host: ... or http-request set-header host ....
You can confirm this with a packet capture. You should find that whatever HTTP_HOST is, the value is necessarily being generated internally on the back-end system itself, because it's not coming from HAProxy.
I'm implementing a signalR self-hosted service using asp.net OWIN.
My server initialization looks something like this-
string url = "https://*:443";
WebApplication.Start<MyConfigurations>(url);
and on the client side-
var hubUrl = 'https://1.mydomain.com:443';
connection = $.hubConnection(hubUrl);
On the client side, I'm getting a 404 error while negotiating connection to signalR.
If I change the url on the server side to string url = "https://mydomain.com:443";, it works fine.
how do I configure the WebApplication to listen to all requests arriving to the server on port 443 (or any other port, using SSL), regardless of the URL that the client used?
Are you sure nothing else is registered to listen on 443? 'Cause * is a "weak" wildcard and if something else is listening on that port using a "stronger" URL registration than that it would explain why it does not work.
So, first, try https://+:443 and see if that works or even specify a base path like https://+:443/SignalRTest. That's the strongest possible form of wildcard. If you're still having issues, I'd check to make sure there are no other registrations for 443 with something like:
netsh http show urlacl
I am using fiddler as reverse proxy, my query is how we can change the https request to http using fiddler. I am trying to create a rule which can change the incoming request which is https and return as http.
Is this possible by editing rules in fiddler? Any suggestions?
You didn't say what you tried already? It's not clear what you mean by "return as HTTP"-- a HTTPS request can be easily routed to a HTTP endpoint, but when the client gets the response, it's going to be over HTTPS.
You can easily change the scheme of a request:
if (!oSession.isHTTPS && !oSession.HTTPMethodIs("CONNECT") &&
oSession.HostnameIs("myServer"))
{
oSession.oRequest.headers.UriScheme = "https";
}
I assume you've already figured out how to get Fiddler to act as a reverse proxy for HTTPS. It's non-obvious, but well-covered in the new Fiddler book.
I have nginx running on my server, listening port 80 and 433. I know nginx has a number ways of port forwarding that allows me to forward request like: http://myserver:80/subdir1 to some address like: http://myserver:8888.
My question is it possible to configure nginx so that i can forward NON-http request (just those plain TCP connection) to some other port? It's very easy to test if it's a http request because the first bytes will be either "GET" or "POST". Here's the example.
The client connected to nginx .
The client send:
a. HTTP get request: "GET / HTTP 1.1": some rule for HTTP
b. Any bytes that can't be recognized as HTTP header: forward it to some other port, say, 888, 999, etc.
Is it technically possible? Or would you suggest a way to do this?
It is possible since nginx 1.9.0:
http://nginx.org/en/docs/stream/ngx_stream_core_module.html
Something along these lines (this goes on top level of nginx.conf):
stream {
upstream backend {
server backend1.example.com:12345;
}
server {
listen 12345;
proxy_pass backend;
}
}
This is technically possible for sure.
You can modify open source tcp proxies like nginx module called nginx_tcp_proxy_module or HAproxy.
Or you can write a nginx module similar to above one to do this for you.
if nginx remote proxying with HTTP, your client could use the HTTP CONNECT command, then it connects with the remote port and forwards all data as "raw" (or at least I think so).