webproxy

onlineuser · June 17, 2024, 9:18am

Hi,

is it possible to change the webproxy name in ROS 7?

You came via	1.1 192.168.100.1 (Mikrotik HttpProxy)

For some https connections I get an SSL handshake error when I try to surf via webproxy.

curl: (35) ssl_handshake returned - PolarSSL: (-0x7780) SSL - A fatal alert message was received from our peer

Ignoring the certificate does not help, there must be an issue in ROS.

Thanks.

mkx · June 17, 2024, 12:51pm

I don’t know if “proxy software name” can be changed.

And I highly doubt that this is the problem. When a web browser uses proxy (explicitly configured, not transparent proxy), then it actually requests proxy server to open a TCP connection towards https server and then it uses that connection in a “tunnel” manner … i.e. proxy doesn’t do anything about traffic passed, it doesn’t do anything about certificates, no nothing. And hence server doesn’t see MT Proxy as being a peer (client info is part of end-to-end encrypted traffic).

onlineuser · June 17, 2024, 1:36pm

Most of proxy software can let this empty or let it change (tinyproxy, squid,…).

mkx · June 17, 2024, 6:49pm

I was referring specifically to MT’s proxy implementation, this is the only relevant according to your question.

It’s not fair to compare full-blown software with “functionality-wise similar” parts in ROS … because ROS functions are most of time severely space-restriced and often performance-restricted.

onlineuser · June 18, 2024, 12:44pm

You are right, but maybe this featrue will be implemented in future.

My wish is to be disable following proxy information.

You came from 1.2.3.4(1.2.3.4)
You came via 1.1 ::ffff:11.22.33.44 (Mikrotik HttpProxy)

jaclaz · June 18, 2024, 1:29pm

Is this what you are asking? (webproxy error page)
http://forum.mikrotik.com/t/remove-mikrotik-word-from-error-gateway-timeout/32942/1
http://forum.mikrotik.com/t/editing-webproxy-error-page/76275/1
Or is it something else?

pe1chl · June 18, 2024, 1:39pm

The “proxy name” is only sent to the peer when the request is http.
Probably the proxy test you use is a http page.
However in today’s internet, there are almost no real pages that use http, everything uses https.
When the proxy operates in https mode, it does not (it cannot) insert information in the bytestream.
There also is no errorpage from the router in https mode. There cannot be one.