* Qian Gong ([EMAIL PROTECTED]) [040220 07:16]: > Hi, > > I am trying ssh port forwarding for http connections by: > ssh -L2001:www.web.server:80 ssh_server > Then use mozilla to browse http://localhost:2001. Some web site can be > visited successfully. But for some web site it fails. There are two > problems. > > 1. If the website uses cookie, it will report the browser does not > support cookie. > 2. Some web sites are "access denied". > > Does it mean ssh port forwarding is not fully functional with http > connections? Is the mechanism of ssh port forwarding different from that > of iptables?
No and yes. SSH works just fine for setting up a simple tcp proxy. What you'll probably need for general-purpose browsing is a dedicated HTTP proxy. The reason is that HTTP 1.1 makes use of a Host: header in each request. The client informs the server what hostname it's using via this header. In this way, servers can implement name-based virtual hosting, wherein different sites are presented at the same IP address based on varying Host headers. If your browser thinks it's talking to a host called "localhost", it will send a header "Host: localhost", which will break for sites using name-based virtual hosts (which include quite a few sites) and cookies, since cookies are used per-domain. Using an HTTP proxy should allow you to work through both of these issues. You might consider installing tinyproxy on ssh_server (in your example). Then create an ssh tunnel something like -L 8080:localhost:8080 and set your browser to use localhost:8080 as an HTTP proxy. Then browse as usual, without having to resort to using "http://localhost:2001/";. The browser should send the HTTP proxy requests through the ssh tunnel to the tinyproxy running on the ssh_server. This is a simple but effective solution; if you find yourself using proxy-based browsing frequently, you may find that you prefer one of the many more full-featured (e.g. caching) proxies available in place of tinyproxy. good times, Vineet -- http://www.doorstop.net/ -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin
signature.asc
Description: Digital signature
