Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: HTTP requests sent via HTTP proxy are forwarded to the wrong host #30775

noneymous opened this issue Mar 12, 2019 · 3 comments


Copy link

@noneymous noneymous commented Mar 12, 2019

What version of Go are you using (go version)?

go version go1.11.2 windows/amd64

Does this issue reproduce with the latest release?


What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GOARCH=amd64
set GOHOSTARCH=amd64
set GOHOSTOS=windows

What did you do?

I tried to send an HTTP request with a custom host header via an HTTP proxy. Sample code:

func Test(t *testing.T) {
	proxy, errParse := url.Parse("")
	if errParse != nil {
		t.Errorf("could not parse proxy URL '%s'", errParse)

	// Define custom client allowing insecure SSL connections and any SSL ciphers (in case of HTTPS)
	client := &http.Client{
		Transport: &http.Transport{
			Proxy:                 http.ProxyURL(proxy),
		// CheckRedirect: -> default is nil, which tells it to stop after 10 consecutive requests

	// Build request
	req, errNew := http.NewRequest("GET", "", nil)
	if errNew != nil {
		t.Errorf("could not parse proxy URL '%s'", errParse)

	// Set virtual host
	req.Host = ""

	// Set request headers
	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0")

	// Send request
	resp, errDo := client.Do(req)
	if errDo != nil {


What did you expect to see?

The sent request should be sent (by the proxy on behalf of me) to "" along with the host header "".

When I define the web server host as "xxx" with a vhost "yyy", the proxy should do the same.

What did you see instead?

The proxy did NOT connect to in order to send the HTTP request, but it directly tried to connect to "" taken from the request's host header. This is wrong, "" is not the server, it is just the vhost, so the request obviously could not be delivered.

Where is the bug?

I have already traced the issue. net/http/request.go:545 (line number from current master) takes data from the host header:

It should take it from the original URL, like this:


Here is a screenshot form BurpSutite, showing, that it receives the request but forwards it to instead of

With my suggested fix, it is correct, like this:

@noneymous noneymous changed the title net/http HTTP requests sent via HTTP proxy are forwarded to the wrong host net/http: HTTP requests sent via HTTP proxy are forwarded to the wrong host Mar 12, 2019
Copy link

@julieqiu julieqiu commented Mar 12, 2019

cc: @bradfitz

Copy link

@noneymous noneymous commented Mar 13, 2019

I asked myself why this was not discovered before, because it seems to be a quite common use-case. Two reason I can come up with:

  • It's only affecting HTTP requests. For HTTPS, a "CONNECT" request is created, and there it is done correctly
  • In most production environments the server has a hostname pointing to it, equal to the vhost. Then it wouldn't be a problem, you can use either vhost or hostname to establish a connection, becasue they are equal. However, in none-production environments (on the hosting side) it is quite common to have a server without hostname or DNS running multiple applications. Anyways, independent of the hosting setup, technically, the vhost should just be the header sent along and not the address to connect to.
Copy link

@noneymous noneymous commented Mar 9, 2020

Hi all! This is a year old by now. I think the fix should be quite straight forward... Any opinions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants