Skip to content

Instantly share code, notes, and snippets.

@yowu
Last active Nov 25, 2021
Embed
What would you like to do?
A simple HTTP proxy by Golang
package main
import (
"flag"
"io"
"log"
"net"
"net/http"
"strings"
)
// Hop-by-hop headers. These are removed when sent to the backend.
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
var hopHeaders = []string{
"Connection",
"Keep-Alive",
"Proxy-Authenticate",
"Proxy-Authorization",
"Te", // canonicalized version of "TE"
"Trailers",
"Transfer-Encoding",
"Upgrade",
}
func copyHeader(dst, src http.Header) {
for k, vv := range src {
for _, v := range vv {
dst.Add(k, v)
}
}
}
func delHopHeaders(header http.Header) {
for _, h := range hopHeaders {
header.Del(h)
}
}
func appendHostToXForwardHeader(header http.Header, host string) {
// If we aren't the first proxy retain prior
// X-Forwarded-For information as a comma+space
// separated list and fold multiple headers into one.
if prior, ok := header["X-Forwarded-For"]; ok {
host = strings.Join(prior, ", ") + ", " + host
}
header.Set("X-Forwarded-For", host)
}
type proxy struct {
}
func (p *proxy) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
log.Println(req.RemoteAddr, " ", req.Method, " ", req.URL)
if req.URL.Scheme != "http" && req.URL.Scheme != "https" {
msg := "unsupported protocal scheme "+req.URL.Scheme
http.Error(wr, msg, http.StatusBadRequest)
log.Println(msg)
return
}
client := &http.Client{}
//http: Request.RequestURI can't be set in client requests.
//http://golang.org/src/pkg/net/http/client.go
req.RequestURI = ""
delHopHeaders(req.Header)
if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
appendHostToXForwardHeader(req.Header, clientIP)
}
resp, err := client.Do(req)
if err != nil {
http.Error(wr, "Server Error", http.StatusInternalServerError)
log.Fatal("ServeHTTP:", err)
}
defer resp.Body.Close()
log.Println(req.RemoteAddr, " ", resp.Status)
delHopHeaders(resp.Header)
copyHeader(wr.Header(), resp.Header)
wr.WriteHeader(resp.StatusCode)
io.Copy(wr, resp.Body)
}
func main() {
var addr = flag.String("addr", "127.0.0.1:8080", "The addr of the application.")
flag.Parse()
handler := &proxy{}
log.Println("Starting proxy server on", *addr)
if err := http.ListenAndServe(*addr, handler); err != nil {
log.Fatal("ListenAndServe:", err)
}
}
@techninja1008

This comment has been minimized.

Copy link

@techninja1008 techninja1008 commented Mar 30, 2018

Awesome!

@macmacs

This comment has been minimized.

Copy link

@macmacs macmacs commented Aug 18, 2018

Really great. It is also quite fast 👍

@foolishway

This comment has been minimized.

Copy link

@foolishway foolishway commented Jan 28, 2020

您好,请教个问题,如果我要用这个proxy解决浏览器跨域问题的话,是不是也要把静态页面部署到和这个proxy同样的端口上?不然依然访问不了这个proxy啊,求指教

@kokizzu

This comment has been minimized.

Copy link

@kokizzu kokizzu commented Feb 14, 2020

cool gist :3

but does not work for https?

curl -x http://127.0.0.1:8080 https://google.com/
curl: (56) Received HTTP code 400 from proxy after CONNECT

btw i fork this and merge with caching http://github.com/kokizzu/tiny-http-proxy

@HopHouse

This comment has been minimized.

Copy link

@HopHouse HopHouse commented Apr 26, 2020

@kokizzu or anyone else managed to make it worked with HTTPS ?

@kokizzu

This comment has been minimized.

Copy link

@kokizzu kokizzu commented Apr 26, 2020

no @HopHouse, i ended using 3proxy, polipo2, squid3, and ssh -vND after tried a bunch of other alternatives, but apparently it's quite hard to find correct squid configuration/other working software that could cache https requests.

@jimwei

This comment has been minimized.

Copy link

@jimwei jimwei commented Jun 24, 2020

您好,请教个问题,如果我要用这个proxy解决浏览器跨域问题的话,是不是也要把静态页面部署到和这个proxy同样的端口上?不然依然访问不了这个proxy啊,求指教

不需要, 添加跨域访问CORS中间件即可.

@asheplyakov

This comment has been minimized.

Copy link

@asheplyakov asheplyakov commented Jul 17, 2020

TL;DR: https traffic is encrypted, a proxy is just a dumb intermediary between the client and server in this case.

https traffic is encrypted with the session key at the client (and server) side. Therefore the traffic in the different
sessions is always different, even if they are transferring the same content. In order to serve something from
the cache a proxy should have decrypted the traffic. Being able to decrypt the intercepted https traffic means
a successful attack on https. Sometimes this is possible (google for OpenSSL heartbleed).
However in general it's not feasible. And in most cases it's considered illegal.

@g00nix

This comment has been minimized.

Copy link

@g00nix g00nix commented Mar 19, 2021

TL;DR: https traffic is encrypted, a proxy is just a dumb intermediary between the client and server in this case.

https traffic is encrypted with the session key at the client (and server) side. Therefore the traffic in the different
sessions is always different, even if they are transferring the same content. In order to serve something from
the cache a proxy should have decrypted the traffic. Being able to decrypt the intercepted https traffic means
a successful attack on https. Sometimes this is possible (google for OpenSSL heartbleed).
However in general it's not feasible. And in most cases it's considered illegal.

So just do the HTTPS Proxy without cache.

Mind... blown...

@abdennour

This comment has been minimized.

Copy link

@abdennour abdennour commented Jul 26, 2021

awesome guys!

@carnerito

This comment has been minimized.

Copy link

@carnerito carnerito commented Oct 2, 2021

Great gist! I have one question. Why do you create a new instance of http.Client for each request? As stated in Golang documentation for http Client, it is concurrent safe and can be used concurrently by multiple goroutines?

Is there some downside of having a global http Client?

@Yapcheekian

This comment has been minimized.

Copy link

@Yapcheekian Yapcheekian commented Nov 3, 2021

if req.URL.Scheme != "http" && req.URL.Scheme != "https" {
		msg := "unsupported protocal scheme " + req.URL.Scheme
		http.Error(wr, msg, http.StatusBadRequest)
		log.Println(msg)
		return
	}

i think this part is redundant since you are using ListenAndServe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment