-
-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't use session proxy in its request for HTTPS protocol #2911
Comments
Have you tried the same request without setting |
Just did. Same result : KO |
Hmm. I wonder if this is connection pooling related. @Bl4ckC4t, are you comfortable with wireshark? |
I would like to avoid that. Being in a corporate environment and not knowing Wireshark that well, I'm afraid to transmit info of my company that will most probably get me fired. Is there any other way? |
@Bl4ckC4t What I'm worried about is that this may be interacting with our connection re-use logic. This seems the most likely cause of the problem. |
Can you tell me what you are looking for in the wireshark capture and I will try to get it for you without the dump - if you think it's possible. |
I'm interested to see, in the case of the second request, whether a new TCP connection and CONNECT request are made or whether we re-use the old one. If a new one is made, I want to see if it has the Proxy-Authorization header in place. |
On the second request, an new tcp connection is made (I guessed that because it uses another port). Inside the Hypertext Transfer Protocol, the proxy authorization header is correctly set. I looked at the third one and it doesn't contain it. |
@Bl4ckC4t Does the third one use a new TCP connection, or the same one? |
New one. |
Ok, so that's interesting. What version of requests are you using and where did you get it? |
requests==2.8.1 on Windows. |
So, I think the issue here is that we're not correct re-applying the proxy headers in this case. |
My real issue is that I'm using a library using this mechanism and failing to request. I can't change s.get(url) to s.get(url,proxy). Do you see any workaround where I would change the session object state in order to force proxy usage at every request of this session ? If not, I will wait for the fix. In any case, thank you very much for the time you spend on this issue. |
Wait, @Bl4ckC4t, my understanding is that you are using the I'm trying to get an exact reproduction of this problem on my own system. Right now, I'm getting connections that correctly re-use the established tunnel, which is not quite right. |
I'm actually using this library : https://pypi.python.org/pypi/jira |
@Bl4ckC4t Can you check whether the response to the second request sends the |
So far, I'm unable to reproduce this: the new TCP connections correctly have the Proxy-Authorization header set. |
Here is the overview of the dump. "Protocol","No.","Info" Breakpoint before request 2 : packet number 178 No proxy auth on 1021 i filtered on my ip and ip dest. Which packet number do you want me to check connection header? |
Hang on, hang on. I see two HTTP requests here, and one HTTPS, but your code above makes two HTTPS requests and one HTTP. Are you sure this behaviour is right? Did the first request get redirected? (e.g. what's the value of r.history for the first request) |
Right, sorry, I messed up my test when rebuild it (lost it by mistake), let me make you a new one. |
So new one : "Protocol","No.","Info" Breakpoint before request 2 : packet number 16748 |
And, again, to clarify: the third request for google.com is the one that has no Proxy-Authorization header? |
3rd request , packet 82312 - no Proxy Authorization Header |
hmm. That's interesting: it doesn't look like the connection is being closed, but it's not available to the pool either. Can you verify something for me: can you right-click on each of the new SYNs that contain requests and hit "follow TCP stream"? Just check that the Proxy-Authorization header didn't come in a later packet, because it does on my machine. |
1st SYN TCP Stream : HTTP/1.1 200 OK BINARY 2nd SYN TCP Stream : BINARY 3rd SYN TCP Stream: Header on authentification HTML code showing our access denied page |
Hmm. Right now I'm totally short on exactly why this is happening. The TCP stream for the second response: does it get terminated? (RST or FIN packets) |
Don't see anything like that. |
So, my question is why there's a second connection at all. If the connection is still up, there's no reason for us to have thrown it away as far as I can tell. I'm extremely perplexed as to why the connection is not being re-used. With the proxy I have on my local machine (Charles Proxy), we quite happily re-use that same TCP connection, and if we don't re-use it (because it got torn down) we create a new one with the new headers. For some insane reason, one part of requests believes that the old connection is still being used, and another part believes that it's not, and I'm not sure why yet. I'm going to take a quick look at Python 3.4's |
I cannot see anything that immediately suggests that this problem would occur. Only if a second call to It would be interesting if you could confirm that we never call |
Set_tunnel is called for request 2 and 3 (not 1). Call stack |
HTTPConnection pool doesn't do anything when _prepare_proxy, keeping the proxy. HTTPSConnectionPool will call set tunnel every time. |
Yeah, that's all as expected. Can you confirm that, for the second request, set_tunnel is called with the appropriate proxy headers? |
request 2 : self.proxy_headers == {'Proxy-Authorization': [Id1]} |
Additional info, if i comment : So my guess is proxy info are correctly retrieved from the session proxies but it's good when it's from session.get() argument proxies. |
I think i found the issue. It's in In input I have request_setting and session_setting. |
In the third case there should be no request setting at all as you didn't set one. Do you have the |
I thought I did, but it's not there anymore as I restarted my workstation. In the mean time, I deactivated trust_env and it works. |
Hurrah! Here we are. For the future, you can put the auth credentials in the |
I've been struggling with my company proxy to make an https request.
import requests
from requests.auth import HTTPProxyAuth
proxy_string = 'http://user:password@url_proxt:port_proxy'
s = requests.Session()
s.proxies = {"http": proxy_string , "https": proxy_string}
s.auth = HTTPProxyAuth(user,password)
r = s.get('http://www.google.com') # OK
print(r.text)
r = s.get('https://www.google.com',proxies={"http": proxy_string , "https": proxy_string}) #OK
print(r.text)
r = s.get('https://www.google.com') # KO
print(r.text)
When KO, I have the following exception :
HTTPSConnectionPool(host='www.google.com', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 407 Proxy Authentication Required',)))
I looked online but didn't find someone having this specific issue with HTTPS.
Thank you for your time
Description of issue here :
http://stackoverflow.com/questions/34025964/python-requests-api-using-proxy-for-https-request-get-407-proxy-authentication-r
The text was updated successfully, but these errors were encountered: