When using web Proxy on v5.25 to forward to upstream proxy, HTTPS forwarding breaks. It appears that OS is adding a trailing / to the CONNECT method.
Reqeust client->Router sees this :-
curl -x 192.168.88.253:8080 https://www.amazon.com/ -vvv
- About to connect() to proxy 192.168.88.253 port 8080 (#0)
- Trying 192.168.88.253…
- Adding handle: conn: 0x7f91da803a00
- Adding handle: send: 0
- Adding handle: recv: 0
- Curl_addHandleToPipeline: length: 1
-
- Conn 0 (0x7f91da803a00) send_pipe: 1, recv_pipe: 0
- Connected to 192.168.88.253 (192.168.88.253) port 8080 (#0)
- Establish HTTP proxy tunnel to http://www.amazon.com:443
CONNECT http://www.amazon.com:443 HTTP/1.1
Host: http://www.amazon.com:443
User-Agent: curl/7.30.0
Proxy-Connection: Keep-Alive
< HTTP/1.0 400 Bad request
< Server: Zscaler/4.1
< Content-Type: text/html
< Connection: close
<
- Received HTTP code 400 from proxy after CONNECT
- Connection #0 to host 192.168.88.253 left intact
curl: (56) Received HTTP code 400 from proxy after CONNECT
When I PCAP Router->Upstream Proxy, I see this
CONNECT http://www.amazon.com:443/ HTTP/1.1
Host: http://www.amazon.com:443
User-Agent: curl/7.30.0
X-Proxy-ID: 2015458258
X-Forwarded-For: 192.168.88.17
Via: 1.1 192.168.88.253 (Mikrotik HttpProxy)
HTTP/1.0 400 Bad request
Server: Zscaler/4.1
Content-Type: text/html
Connection: close
Bad Request
Your browser sent a request that this server could not understand.
Note the trailing / after http://www.amazon.com:443 . This breaks the RFC AFAIK.
Any thoughts on this? Is this a bug, or is the upstream proxy at fault?