
HTTP tunneling is used to create a network link between two computers in conditions of restricted network connectivity including firewalls, NATs and ACLs, among other restrictions. The tunnel is created by an intermediary called a proxy server which is usually located in a DMZ. Tunneling can also allow communication using a protocol that normally wouldn't be supported on the restricted network.


HTTP CONNECT method

The most common form of HTTP tunneling is the standardized HTTP CONNECT method. In this mechanism, the client asks an HTTP proxy server to forward the TCP connection to the desired destination. The server then proceeds to make the connection on behalf of the client. Once the connection has been established by the server, the proxy server continues to proxy the TCP stream to and from the client. Only the initial connection request is HTTP - after that, the server simply proxies the established TCP connection. This mechanism is how a client behind an HTTP proxy can access websites using SSL or TLS (i.e. HTTPS). Proxy servers may also limit connections by only allowing connections to the default HTTPS port 443, whitelisting hosts, or blocking traffic which doesn't appear to be SSL.


Example negotiation

The client connects to the proxy server and requests tunneling by specifying the port and the host computer to which it would like to connect. The port is used to indicate the protocol being requested.

    CONNECT streamline.t-mobile.com:22 HTTP/1.1
    Proxy-Authorization: Basic encoded-credentials

If the connection was allowed and the proxy has connected to the specified host, then the proxy will return a 2XX success response.

    HTTP/1.1 200 OK

The client is now being proxied to the remote host. Any data sent to the proxy server is now forwarded, unmodified, to the remote host and the client can communicate using any protocol accepted by the remote host. In the example below, the client is starting SSH communications, as hinted at by the port number in the initial CONNECT request.

    SSH-2.0-OpenSSH_4.3\r\n
    ...
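The exchange above, with both sides implemented, as an added example that is not part of the original article: a minimal CONNECT proxy that applies the three restrictions mentioned earlier (a fixed set of destination ports, a host allowlist, and a check that the first client bytes after the 200 response look like a TLS ClientHello), plus the client side that sends CONNECT and then speaks the inner protocol. All names (`ConnectPolicy`, `handle_connect`, `connect_through_proxy`, `demo`) are hypothetical; the request head is assumed to arrive in one read, and `Proxy-Authorization` is not evaluated. The demo wires the proxy to a constructed local echo service that stands in for the remote host.

```python
import re
import socket
import threading

# Hypothetical proxy (added example). The CONNECT line must be 'CONNECT host:port HTTP/1.x'.
CONNECT_LINE = re.compile(rb"^CONNECT ([^\s:/]+):(\d{1,5}) HTTP/1\.[01]\r\n")


def parse_connect(head):
    """Return (host, port) from the request head, or None if it is not a valid CONNECT."""
    m = CONNECT_LINE.match(head)
    if m is None or not 0 < int(m.group(2)) < 65536:
        return None
    return m.group(1).decode("ascii"), int(m.group(2))


def looks_like_tls_client_hello(first_bytes):
    """TLS record header: type 0x16 (handshake), major version 0x03, then handshake
    type 0x01 (ClientHello) at offset 5. Anything else is 'not SSL' to the proxy."""
    b = first_bytes
    return len(b) >= 6 and b[0] == 0x16 and b[1] == 0x03 and b[5] == 0x01


class ConnectPolicy:
    """The limits the text names: allowed port(s), host allowlist, TLS-only streams."""

    def __init__(self, allowed_hosts, allowed_ports=(443,), require_tls=True):
        self.allowed_hosts, self.allowed_ports = set(allowed_hosts), set(allowed_ports)
        self.require_tls = require_tls

    def decide(self, host, port):
        """HTTP status to answer the CONNECT with: 200 opens the tunnel, 403 refuses it."""
        return 200 if port in self.allowed_ports and host in self.allowed_hosts else 403


def _pump(src, dst):
    """Copy bytes one way until EOF; from here on the proxy interprets nothing."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def _refuse(client, status_line):
    client.sendall(b"HTTP/1.1 " + status_line + b"\r\n\r\n")
    client.close()


def handle_connect(client, policy):
    """Proxy side: one HTTP request head, then a raw TCP relay in both directions."""
    target = parse_connect(client.recv(4096))  # simplification: whole head in one read
    if target is None:
        return _refuse(client, b"400 Bad Request")
    host, port = target
    if policy.decide(host, port) != 200:
        return _refuse(client, b"403 Forbidden")
    try:
        upstream = socket.create_connection((host, port), timeout=5)
    except OSError:
        return _refuse(client, b"502 Bad Gateway")
    client.sendall(b"HTTP/1.1 200 OK\r\n\r\n")
    if policy.require_tls and not looks_like_tls_client_hello(client.recv(4096, socket.MSG_PEEK)):
        client.close(); upstream.close(); return  # tunnel granted, but the stream is not TLS
    threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
    _pump(upstream, client)


def connect_through_proxy(proxy_addr, host, port, payload):
    """Client side: send CONNECT, read the status line, then talk to the remote host."""
    with socket.create_connection(proxy_addr, timeout=5) as c:
        c.sendall(f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode())
        status = b""
        while b"\r\n\r\n" not in status:
            chunk = c.recv(4096)
            if not chunk:
                return 0, b""  # proxy closed without answering
            status += chunk
        code = int(status.split(b" ")[1])
        if code != 200:
            return code, b""
        c.sendall(payload)  # e.g. the SSH banner from the article; the proxy just forwards it
        return code, c.recv(4096)


def _listener():
    s = socket.socket(); s.bind(("127.0.0.1", 0)); s.listen(); return s


def _accept_loop(listener, handler):
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:
            return  # listener closed
        threading.Thread(target=handler, args=(conn,), daemon=True).start()


def _echo(conn):
    """Constructed stand-in for the remote host: echoes whatever it receives."""
    with conn:
        while chunk := conn.recv(4096):
            conn.sendall(chunk)


def demo():
    """Constructed scenario: one allowed CONNECT (to the echo port) and one refused (port 22)."""
    echo, proxy = _listener(), _listener()
    echo_port = echo.getsockname()[1]
    policy = ConnectPolicy({"127.0.0.1"}, allowed_ports={echo_port}, require_tls=False)
    threading.Thread(target=_accept_loop, args=(echo, _echo), daemon=True).start()
    threading.Thread(target=_accept_loop, args=(proxy, lambda c: handle_connect(c, policy)), daemon=True).start()
    allowed = connect_through_proxy(proxy.getsockname(), "127.0.0.1", echo_port, b"SSH-2.0-OpenSSH_4.3\r\n")
    refused = connect_through_proxy(proxy.getsockname(), "127.0.0.1", 22, b"")
    echo.close(); proxy.close()
    return {"allowed": allowed, "refused": refused}


if __name__ == "__main__":
    print(demo())
```

The demo policy disables the TLS check so the echoed SSH banner can be observed; with the default `require_tls=True` and `allowed_ports=(443,)`, the same proxy refuses the article's port-22 CONNECT outright, and would drop a tunnel whose first bytes are an SSH banner rather than a ClientHello. The peek is a heuristic: it only inspects the record header, so it is a coarse filter rather than proof that TLS is in use.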


HTTP tunneling without using CONNECT

An HTTP tunnel can also be implemented using only the usual HTTP methods such as POST, GET, PUT and DELETE. This is similar to the approach used in Bidirectional-streams Over Synchronous HTTP (BOSH). In this approach, a special HTTP server runs outside the protected network and a client program is run on a computer inside the protected network. Whenever any network traffic is passed from the client, the client repackages the traffic data as an HTTP request and relays the data to the outside server, which extracts and executes the original network request for the client. The response to the request, sent to the server, is then repackaged as an HTTP response and relayed back to the client. Since all traffic is encapsulated inside normal GET and POST requests and responses, this approach works through most proxies and firewalls.
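Because the article's two tunnel forms leave different traces in a proxy's access log, the following added example (not from the article) shows the defender's view: two heuristics run over a constructed log. The first flags CONNECT requests to ports other than 443, the port-restriction caveat from the CONNECT section; the second flags one client repeatedly POSTing to a single URL at a steady cadence, which is the shape a request-wrapped tunnel like the one just described leaves behind. The log format, thresholds (`window`, `min_requests`) and all function names are hypothetical assumptions of this example; real proxy logs carry other fields and formats.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy access log in a hypothetical format:
#   <ISO time> <client> <method> <target> <status> <bytes>
def constructed_log():
    lines = [
        "2024-05-01T10:00:00 10.1.1.5 CONNECT mail.example.com:443 200 5120",
        "2024-05-01T10:00:01 10.1.1.5 GET http://www.example.com/index.html 200 2048",
        "2024-05-01T10:00:02 10.1.1.9 CONNECT streamline.t-mobile.com:22 200 812",
        "2024-05-01T10:00:03 10.1.1.5 POST http://www.example.com/login 302 310",
    ]
    # Client 10.1.1.7 sends a small POST to one endpoint every two seconds: the
    # polling cadence of a tunnel that wraps traffic in ordinary requests.
    for i in range(30):
        t = datetime(2024, 5, 1, 10, 0, 10) + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 10.1.1.7 POST http://relay.example.net/sync 200 {500 + i % 3}")
    return lines


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, client, method, target, status, size = line.split()
    return {"time": datetime.fromisoformat(ts), "client": client, "method": method,
            "target": target, "status": int(status), "bytes": int(size)}


def connect_to_unexpected_ports(entries, allowed_ports=frozenset({443})):
    """(client, target) for every CONNECT whose destination port is not allowed."""
    hits = []
    for e in entries:
        if e["method"] != "CONNECT":
            continue
        _, _, port = e["target"].rpartition(":")
        if not port.isdigit() or int(port) not in allowed_ports:
            hits.append((e["client"], e["target"]))
    return hits


def post_polling(entries, window=timedelta(seconds=60), min_requests=20):
    """(client, url, total) where one client sent at least `min_requests` POSTs to the
    same URL inside any `window`-long span; sliding window over sorted timestamps."""
    by_pair = defaultdict(list)
    for e in entries:
        if e["method"] == "POST":
            by_pair[(e["client"], e["target"])].append(e["time"])
    hits = []
    for (client, url), times in by_pair.items():
        times.sort()
        for i in range(len(times) - min_requests + 1):
            if times[i + min_requests - 1] - times[i] <= window:
                hits.append((client, url, len(times)))
                break
    return hits


def analyse(lines):
    """Run both heuristics over raw log lines and return their findings."""
    entries = [parse_line(line) for line in lines]
    return {"connect_ports": connect_to_unexpected_ports(entries),
            "post_polling": post_polling(entries)}


if __name__ == "__main__":
    for name, findings in analyse(constructed_log()).items():
        print(name, findings)
```

Both checks produce leads, not verdicts: legitimate applications also poll a fixed endpoint, and a CONNECT to a non-443 port may be an approved service, so the thresholds need tuning against a baseline of the proxy's normal traffic before they are used to block.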


See also

* ICMP tunnel
* Pseudo-wire
* Tunnel broker
* Virtual private network (VPN)
* Virtual extensible LAN
* Network virtualization using generic routing encapsulation

