Tag Archives: proxies

Ruby Net::HTTP & Proxies

2 Replies

I ran into a really annoying issue today with Ruby and the Net::HTTP class when trying to make requests out via the restrictive corporate proxy at the office.

The documentation states that “Net::HTTP will automatically create a proxy from the http_proxy environment variable if it is present.” however I was repeatedly seeing my connections fail and a tcpdump confirmed that they weren’t even attempting to transit the proxy server.

Turns out that this proxy transversal only takes place if Net::HTTP is invoked as an object, however if you invoke one of it’s methods directly it ignores the proxy environmentals entirely.

The following example application demonstrates the issue:

#!/usr/bin/env ruby

require 'net/http'

puts "Your proxy is #{ENV["http_proxy"]}"

puts "This will work with your proxy settings:"
uri       = URI('https://www.jethrocarr.com')
request   = Net::HTTP.new(uri.host, uri.port)
response  = request.get(uri)
puts response.code

puts "This won't:"
uri = URI('https://www.jethrocarr.com')
response = Net::HTTP.get_response(uri)
puts response.code

Which will give you something like:

Your proxy is http://ihateproxies.megacorp.com:8080
This will work with your proxy settings:
200
This won't:
/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:878:in `initialize': No route to host - connect(2) (Errno::EHOSTUNREACH)
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:878:in `open'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:878:in `block in connect'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:877:in `connect'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:851:in `start'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:582:in `start'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:477:in `get_response'
    from ./proxyexample.rb:18:in `<main>'

Very annoying!

SSH via SOCKS proxies

12 Replies

Non-transparent proxies are generally a complete nuisance at the best of times and huge consumers of time and IT resources at their worst. Sadly proxies are a popular feature in corporate IT networks, so it’s not always possible to avoid them entirely.

Ideally the administrators will have the HTTP/S proxy running transparently, so that users never need to know or configure proxy settings for browsers or other HTTP using applications.

Unfortunately some networks also make use of SOCKS proxies, to block all outgoing TCP and UDP connections unless otherwise authorised. Whilst the feature set of SOCKS is very similar to a firewall, unlike a firewall it’s not network transparent and your applications need to be aware of it and configured to use it.

There’s a lot of information on the web about configuring SSH to *create* a SOCKS proxy, but not a lot about how to use SSH *via* a SOCKS proxy. Because I don’t want to waste any more minutes of my life on the mind-numbing pain that is proxies, the following is the easy command to open an SSH connection through a proxy server:

ssh -o ProxyCommand='nc -x myproxyserver.example.com:1080 %h %p' \
 targetsshserver.example.com