1 Reply Latest reply on Apr 23, 2012 7:33 AM by Zhenya1919

    HTTP tunneling doesn't work with NetConnection

    Zhenya1919 Level 1

      I'm researching a problem with NetConnection failing to connect through a proxy server using the RTMP and RTMPS protocols. In my test I set up squid as the local proxy server and tried to call the connect method on a NetConnection with proxyType = "best". When the direct connection fails, NetConnection correctly tries to use the HTTP CONNECT method to tunnel the RTMP connection through the proxy server. But all I can see in the proxy logs is:

      1334347990.276      0 TCP_DENIED/400 1552 NONE NONE:// - NONE/- text/html

      The connection fails as a result. So, with internet access through a proxy server, the RTMP/RTMPS protocols do not work at all.


      I did some traffic capturing and discovered that NetConnection builds the HTTP CONNECT request for server.com as:

      "CONNECT server.com:443 HTTP/1.1 \r\n\r\n".

      Please pay attention to the space (0x20) character between "HTTP/1.1" and "\r\n\r\n". For a request like that, my proxy server returns an "HTTP/1.0 400 Bad Request" response.


      Then I tried to build my own HTTP CONNECT request and discovered that it only works if the space character is removed:

      "CONNECT server.com:443 HTTP/1.1\r\n\r\n".


      With the fix above, RTMP/RTMPS tunneling works just fine. I'm surprised this is not a well-known problem. Maybe it is a squid-specific issue. Or there is something wrong with my environment (I'm not sure if AIR is responsible for building the HTTP CONNECT request). So, please advise whether it is a bug and whether anyone has had the same problem. Any workarounds would be welcome as well.

        • 1. Re: HTTP tunneling doesn't work with NetConnection
          Zhenya1919 Level 1

          I had a chance to do some more research on this topic and I think I came up with a workaround for the problem. It was only tested with the squid proxy server since it is the only proxy server our client uses at the moment. The workaround is quite dirty but it works. I won't post the entire solution since it is pretty simple. Thanks to the mechanism of native extensions introduced in AIR 3.0, I could develop a native Windows extension that intercepts the ws2_32.dll send() call and corrects the CONNECT request by removing the trailing space character. The call interception is done with the Detours library.

          Hope that the proxy issue will be resolved in future versions of Adobe AIR and Flash Player.
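
The two requests quoted in this thread, checked against the RFC 7230 request-line grammar, together with the byte-level rewrite the reply describes. This is an added example, not the poster's extension code; `check_connect` and `strip_trailing_space` are hypothetical names, and the sample buffers are constructed from the strings quoted in the post.

```python
import re

# RFC 7230 section 3.1.1:
#   request-line = method SP request-target SP HTTP-version CRLF
# For CONNECT the request-target is authority-form (host:port).
# Simplified here: reg-name or IPv4 hosts only, no bracketed IPv6 literals.
REQUEST_LINE = re.compile(
    rb"(?P<method>[!#$%&'*+\-.^_`|~0-9A-Za-z]+) "
    rb"(?P<target>[^\s:]+:[0-9]{1,5}) "
    rb"(?P<version>HTTP/[0-9]\.[0-9])"
)


def check_connect(raw: bytes) -> str:
    """Return 'ok' or the reason a parser strict about this grammar rejects it."""
    head, sep, _ = raw.partition(b"\r\n")
    if not sep:
        return "request line is not terminated by CRLF"
    if REQUEST_LINE.fullmatch(head):
        return "ok"
    trimmed = head.rstrip(b" \t")
    if trimmed != head and REQUEST_LINE.fullmatch(trimmed):
        return "whitespace between HTTP-version and CRLF"
    return "malformed request line"


def strip_trailing_space(raw: bytes) -> bytes:
    """Rewrite only a CONNECT request line; pass every other buffer through."""
    if not raw.startswith(b"CONNECT "):
        return raw
    head, sep, rest = raw.partition(b"\r\n")
    if not sep:
        return raw
    return head.rstrip(b" \t") + sep + rest


# Constructed samples matching the two requests quoted in the post.
AS_SENT = b"CONNECT server.com:443 HTTP/1.1 \r\n\r\n"
CORRECTED = b"CONNECT server.com:443 HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("as sent", AS_SENT), ("corrected", CORRECTED)):
        print(f"{label:10} {req!r}: {check_connect(req)}")
    print("rewritten:", strip_trailing_space(AS_SENT))
```

Restricting the rewrite to buffers that start with `CONNECT ` matters when it sits in front of a generic send path, because the RTMP payload that follows the tunnel handshake must reach the proxy byte for byte.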