[stunnel-users] Requests to cloud server that requires host header
Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
Wed May 18 10:51:01 CEST 2016
Hello,
2016-05-17 22:03 GMT+02:00 Lorne Kates <halcyon1234 at hotmail.com>:
> (related to Akamai message from before-- but I have better troubleshooting
> information).
>
> I'm tying to route traffic through stunnel to a "cloud" based-endpoint.
> That endpoint has a static server name-- test.authorize.net. (This is the
> dev sandbox for auth.net).
>
> But if you do an nslookup on test.authorize.net, you'll get back a different
> servername and IP, because it's so wonderfully "cloud".
>
> Stunnel apparently tries to connect to the nslookup value. The server
> rejects the request because it can't route it back to test.authorize.net.
>
> I've tried adding "delay = yes" and "sni = test.authorize.net", but neither
> work.
>
> To see this in action, a simple setup with any accept, then connect to
> test.authorize.net:443 in client = yes mode.
>
> This is what a valid response looks like (13 -- give me the darn merchant ID
> in a POST): https://test.authorize.net/gateway/transact.dll
>
> This is what you'll get if you try to use stunnel (400 invalid url) :
> https://23.195.204.150/gateway/transact.dll
>
> So how can I get stunnel to send the proper Request Header (host:
> test.authorize.net), make sure it's using http/1.1, etc?
Stunnel won't do this for you (it will not inject any HTTP headers at
all). You must tell your HTTP client software to do it. Example:
'nslookup test.authorize.net' says that the IP address is 104.83.163.210
Try the following (no stunnel involved here):
curl -k https://104.83.163.210/gateway/transact.dll -> 400 invalid url error
curl -k -H 'Host: test.authorize.net'
https://104.83.163.210/gateway/transact.dll -> Works
With stunnel it is the same. You must tell whatever HTTP client you
are using to send the correct Host: header. In your case you can try:
curl -k -H 'Host: test.authorize.net'
https://23.195.204.150/gateway/transact.dll
Best regards,
Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
More information about the stunnel-users
mailing list