[Bug] Problem accessing an HTTP service on port 443 #1939

Closed
9 tasks done
yangon99 opened this issue Mar 27, 2025 · 6 comments
Labels
bug Something isn't working

yangon99 commented Mar 27, 2025

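Verification steps

  • I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up seemingly useful options or default values.
  • I have read the documentation carefully and it did not solve my problem
  • I have searched the Issue Tracker for the problem I am reporting and did not find it
  • I am a Chinese-language user, not a user of another language
  • I have tested with the latest Alpha branch version and the problem still exists
  • I have provided server and client configuration files and a procedure that can reproduce the problem locally, rather than a sanitized, complex client configuration file.
  • I have provided the minimal configuration that reproduces the error I am reporting, rather than relying on a remote server or piling up configuration that is useless for reproduction.
  • I have provided the complete log, rather than only the parts I considered useful out of confidence in my own intelligence.
  • I reproduced the error directly with the Mihomo command-line program, rather than with other tools or scripts.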

Operating system

Windows

System version

windows11 23H2 22631.5039

Mihomo version

Mihomo Meta v1.18.7 windows amd64 with go1.22.5 Sun Jul 28 05:49:06 UTC 2024
Use tags: with_gvisor

Configuration file

proxy-groups:
  - { "name": "Domestic", "type": "select", "proxies": ["DIRECT"] }
rules:
  - IP-CIDR6,::/0,Domestic

  # > LAN
  - DOMAIN-SUFFIX,local,Domestic
  - IP-CIDR,127.0.0.0/8,Domestic
  - IP-CIDR,172.16.0.0/12,Domestic
  - IP-CIDR,192.168.0.0/16,Domestic
  - IP-CIDR,10.0.0.0/8,Domestic
  - IP-CIDR,100.64.0.0/10,Domestic

  - GEOIP,CN,Domestic
  - DOMAIN-SUFFIX,cn,Domestic
  - DOMAIN-KEYWORD,-cn,Domestic
  - MATCH,Domestic

allow-lan: true
# authentication:
#   - 'wdnmd:wsm'

external-controller: 127.0.0.1:9090
secret: "@"
log-level: info
mode: Rule
mixed-port: 7890
tproxy-port: 7893
ipv6: true
dns:
  enable: true
  ipv6: true
  listen: 127.0.0.2:53
  enhanced-mode: fake-ip
  fake-ip-filter:
    - 10.0.0.0/8
    - "*.lan"
  default-nameserver:
    - 8.8.8.8
  nameserver:
    # - 180.76.76.76
    - dhcp://以太网
    - 119.29.29.29
    - 119.28.28.28
    - 219.146.0.130
    - 219.150.32.132
    - 223.6.6.6
    - 156.154.70.1
  fallback:
    - tls://dns.alidns.com:853
    - https://223.6.6.6/dns-query
    - https://1.1.1.1/dns-query
    - https://doh-sg.blahdns.com/dns-query
    - https://rubyfish.cn/dns-query
  fallback-filter:
    geoip: true
tun:
  enable:
    false
    #  macOS-auto-route: true
    #  macOS-auto-detect-interface: true
  stack: system # or gvisor
  auto-route: false
  auto-detect-interface:
    true
    #  dns-hijack:
    #    - 8.8.8.8:53
    #    - tcp://8.8.8.8:53

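Description

The company intranet has an HTTP service deployed on port 443.
All HTTP traffic sent through the proxy to port 443 of that address is rewritten to port 80 of the same address, so the service cannot be accessed normally.

Steps to reproduce

  1. Use curl to access the service on port 443: curl.exe "http://10.1.26.43:443/" -vvI
  2. A 503 status is returned; the mihomo log shows that it accessed port 80 of the same server

Logs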

time="2025-03-27T11:33:19.5777043+08:00" level=info msg="Start initial configuration in progress"
time="2025-03-27T11:33:19.5881036+08:00" level=info msg="Geodata Loader mode: memconservative"
time="2025-03-27T11:33:19.5886554+08:00" level=info msg="Geosite Matcher implementation: succinct"
time="2025-03-27T11:33:19.5948937+08:00" level=info msg="Initial configuration complete, total time: 6ms"
time="2025-03-27T11:33:19.595966+08:00" level=info msg="RESTful API listening at: 127.0.0.1:9090"
time="2025-03-27T11:33:19.5969976+08:00" level=info msg="Sniffer is closed"
time="2025-03-27T11:33:19.5975151+08:00" level=info msg="DNS server listening at: 127.0.0.2:53"
time="2025-03-27T11:33:19.5980311+08:00" level=error msg="Start TProxy server error: not supported on current platform"
time="2025-03-27T11:33:19.5980311+08:00" level=info msg="Mixed(http+socks) proxy listening at: [::]:7890"
time="2025-03-27T11:33:19.6015466+08:00" level=info msg="Start initial Compatible provider Domestic"
time="2025-03-27T11:33:19.6015466+08:00" level=info msg="Start initial Compatible provider default"
time="2025-03-27T11:33:19.641657+08:00" level=info msg="Load MMDB file: C:\\Users\\me/.config/mihomo/Country.mmdb"
time="2025-03-27T11:33:22.7422233+08:00" level=info msg="[TCP] 10.2.27.18:60567 --> dc.services.visualstudio.com:443 match Match using Domestic[DIRECT]"
time="2025-03-27T11:33:25.0998534+08:00" level=warning msg="[TCP] dial Domestic (match IPCIDR/10.0.0.0/8) 127.0.0.1:60558 --> 10.1.26.43:80 error: connect failed: dial tcp 10.1.26.43:80: i/o timeout"
time="2025-03-27T11:33:26.7331312+08:00" level=warning msg="Mihomo shutting down"
yangon99 added the bug label Mar 27, 2025

mqcycy commented Mar 27, 2025

The prefix is http, not https?

Collaborator

Skyxim commented Mar 27, 2025

Image

Cannot reproduce; please provide more detailed reproduction conditions

Skyxim closed this as not planned Mar 27, 2025
Author

yangon99 commented Mar 28, 2025

Cannot reproduce; please provide more detailed reproduction conditions

@Skyxim

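  1. On the server, deploy an HTTP service listening on port 443 (python -m http.server -b 0.0.0.0 443)

  2. On the client, run curl http://172.20.0.1:443 -vvI --proxy http://127.0.0.1:7890. The main point is that this is a simple HTTP service listening on port 443, and there is no other service on port 80

  3. Through the proxy, port 80 is accessed
    Image

  4. Without the proxy, port 443 is accessed
    Image

@psqtdhx This really is an HTTP service on port 443. It really is outrageous, but it is not that easy to change either...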

Collaborator

Skyxim commented Mar 28, 2025

@yangon99 There is special handling for HTTP proxies

func removeExtraHTTPHostPort(req *http.Request) {

Collaborator

Skyxim commented Mar 28, 2025

@Skyxim It seems 443 is handled incorrectly here; the comment and the code do not match

Collaborator

wwqgtxx commented Mar 28, 2025

fixed in: 025ff19
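
The behaviour reported in this issue, as an added Go example that is not part of the thread and is not Mihomo's code: a host normalizer that drops :80 and :443 without checking the scheme sends http://10.1.26.43:443/ to port 80, while a scheme-aware one keeps the explicit port. The names stripNaive, stripSchemeAware and dialTarget are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// defaultPort maps a URL scheme to the port implied when none is given.
var defaultPort = map[string]string{"http": "80", "https": "443"}

// stripNaive (hypothetical, illustrates the reported failure mode) drops
// :80 and :443 from the host without looking at the scheme.
func stripNaive(u *url.URL) string {
	if h, p, err := net.SplitHostPort(u.Host); err == nil && (p == "80" || p == "443") {
		return h
	}
	return u.Host
}

// stripSchemeAware (hypothetical) drops the port only when it is the default
// for this URL's scheme, so http://host:443 keeps its explicit port.
func stripSchemeAware(u *url.URL) string {
	if h, p, err := net.SplitHostPort(u.Host); err == nil && p == defaultPort[u.Scheme] {
		return h
	}
	return u.Host
}

// dialTarget returns the host:port a proxy would connect to after normalizing
// the host with strip and re-applying the scheme's default port if none is left.
func dialTarget(rawURL string, strip func(*url.URL) string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	host := strip(u)
	if _, _, err := net.SplitHostPort(host); err == nil {
		return host, nil // explicit port survived normalization
	}
	return net.JoinHostPort(host, defaultPort[u.Scheme]), nil
}

func main() {
	for _, raw := range []string{"http://10.1.26.43:443/", "https://10.1.26.43:443/"} {
		naive, _ := dialTarget(raw, stripNaive)
		aware, _ := dialTarget(raw, stripSchemeAware)
		fmt.Printf("%-26s naive=%-16s scheme-aware=%s\n", raw, naive, aware)
	}
}
```

The naive result for the first URL matches the dial target in the log above (10.1.26.43:80); the scheme-aware variant still removes redundant default ports for each scheme.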
