Mitmproxy received an absolute-form request error

[axot]

Steps to reproduce the problem:

tcpdump result:

CONNECT sample.domain.com:80 HTTP/1.1
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Host: sample.domain.com:80

HTTP/1.1 200 Connection established

POST http://sample.domain.com/ajax/info/info HTTP/1.1
User-Agent: Unity/5.4.3p4 (Mac OS X 10.12.3; MacBookPro12,1)
Host: sample.domain.com
Accept-Encoding: gzip, identity
Proxy-Connection: Keep-Alive
Connection: Keep-Alive, TE
TE: identity
Content-Length: 0
Cookie: apv=1.0; abc=; abd=; abe=

HTTP/1.1 400 Bad Request
Server: mitmproxy 2.0.0
Connection: close
Content-Length: 436
Content-Type: text/html

<html>
            <head>
                <title>400 Bad Request</title>
            </head>
            <body>
            <h1>400 Bad Request</h1>
            <p>HttpException(&#x27;Mitmproxy received an absolute-form request even though it is not running in regular mode. This usually indicates a misconfiguration, please see http://docs.mitmproxy.org/en/stable/modes.html for details.&#x27;,)</p>
            </body>
        </html>HTTP/1.1 502 Bad Gateway
Server: mitmproxy 2.0.0
Connection: close
Content-Length: 479
Content-Type: text/html

<html>
            <head>
                <title>502 Bad Gateway</title>
            </head>
            <body>
            <h1>502 Bad Gateway</h1>
            <p>ProtocolException(&#x27;HTTP protocol error in client request: Mitmproxy received an absolute-form request even though it is not running in regular mode. This usually indicates a misconfiguration, please see http://docs.mitmproxy.org/en/stable/modes.html for details.&#x27;,)</p>
            </body>
        </html>

Any other comments? What have you tried so far?

I fixed this temporarily with

mitmproxy/mitmproxy/proxy/root_context.py

Line 100 in 83f1e2e

return protocol.Http1Layer(top_layer, http.HTTPMode.transparent)

- return protocol.Http1Layer(top_layer, http.HTTPMode.transparent)
+ return protocol.Http1Layer(top_layer, http.HTTPMode.regular)

System information

Mitmproxy version: 2.0.0 (release version)
Python version: 3.6.0
Platform: Darwin-16.4.0-x86_64-i386-64bit
SSL version: OpenSSL 1.1.0e 16 Feb 2017
Mac version: 10.12.3 ('', '', '') x86_64

[mhils]

Thanks for the extensive report. This seems to be a duplicate of #848?

[axot]

Did this mean, I should change the behaviour to like this way?

CONNECT sample.domain.com:80 HTTP/1.1
POST /ajax/info/info HTTP/1.1

[Kriechi]

Yes, this is what most clients do. They send a CONNECT with the host they need a connection to, and then they only send relative paths.

[axot]

Should we add an option to disable validate_request_form ?

[mhils]

So there are two things I'd love to see:

1. First, always accept requests in absolute-form going to the same host. For example, after CONNECT example.com, we should accept GET http://example.com/foo, but not GET http://example.org/foo. This would for example fix this issue.
2. Second, as you suggested, add a --relax-http-form-validation switch.

[mhils]

I copied that to #848, let's continue there :)