push.rocks/smartproxy
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-29 14:06:47 +00:00
parent af13d3af10
commit e6b3ae395c
9 changed files with 246 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
readme.problems.md
View File

@@ -55,4 +55,24 @@ TypeError: Cannot read properties of undefined (reading 'type')
5. **Implement Route-Specific Security**: Add security checks when a route is matched to enforce route-specific IP allow/block lists and authentication rules. ✅ FIXED - IP allow/block lists are now enforced at the route level.
6. **Fix TLS Detection Logic**: The connection handler was treating all connections as TLS. This has been partially fixed but needs proper testing for all TLS modes.
6. **Fix TLS Detection Logic**: The connection handler was treating all connections as TLS. This has been partially fixed but needs proper testing for all TLS modes.
## 7. HTTP Domain Matching Issue
**Problem**: Routes with domain restrictions fail to match HTTP connections because domain information is only available after HTTP headers are received, but route matching happens immediately upon connection.
**Evidence**:
- `test.http-port8080-forwarding.ts` - "No route found for connection on port 8080" despite having a matching route
- HTTP connections provide domain info via the Host header, which arrives after the initial TCP connection
- Route matching in `handleInitialData` happens before HTTP headers are parsed
**Impact**: HTTP routes with domain restrictions cannot be matched, forcing users to remove domain restrictions for HTTP routes.
**Root Cause**: For non-TLS connections, SmartProxy attempts to match routes immediately, but the domain information needed for matching is only available after parsing HTTP headers.
**Status**: ✅ FIXED - Added skipDomainCheck parameter to route matching for HTTP proxy ports. When a port is configured with useHttpProxy and the connection is not TLS, domain validation is skipped at the initial route matching stage, allowing the HttpProxy to handle domain-based routing after headers are received.
## 8. HttpProxy Plain HTTP Forwarding Issue
**Problem**: HttpProxy is an HTTPS server but SmartProxy forwards plain HTTP connections to it via `useHttpProxy` configuration.
**Evidence**:
- `test.http-port8080-forwarding.ts` - Connection immediately closed after forwarding to HttpProxy
- HttpProxy is created with `http2.createSecureServer` expecting TLS connections
- SmartProxy forwards raw HTTP data to HttpProxy's HTTPS port
**Impact**: Plain HTTP connections cannot be handled by HttpProxy, despite `useHttpProxy` configuration suggesting this should work.
**Root Cause**: Design mismatch - HttpProxy is designed for HTTPS/TLS termination, not plain HTTP forwarding.
**Status**: Documented. The `useHttpProxy` configuration should only be used for ports that receive TLS connections requiring termination. For plain HTTP forwarding, use direct forwarding without HttpProxy.