Question

I am trying to get from my local machine to a remote vendor's website that is locked down by IP (our corporate servers are allowed access). I am doing this by tunneling from a server that can access the API without issues; however, when I set up the SSH tunnel and go to a URL on the vendor website, I get a 404 Not Found error. Here is what I'm using:

ssh -f -N user@example.com -L 7777:vendorhostexample.com:80

Everything indicates that the tunnel is set up correctly, but if I try a URL such as 'http://localhost:7777/foobar', I get the 404 error. Any ideas?

Solution

Your problem is that you are sending the HTTP header "Location: localhost", which means that if the destination web server is using virtual hosts, it will try to look up the website "localhost" and not the website "vendorhostexample.com".

One way is, as Ryan pointed out, to modify your hosts file and tell your machine that vendorhostexample.com is on 127.0.0.1; that way, when you type it in your browser, you will go through the tunnel with the right "Host:" HTTP header set.

Another way is to install an extension for your browser to change the Host header, like this one for Firefox.

OTHER TIPS

Everyone else has already mentioned the issue with the domain name matching the wrong virtual host. Another solution can be to use dynamic tunnels.

If you open a connection with the -D 8080 flag, SSH will open a dynamic tunnel, and expose a SOCKS proxy on port 8080. If you then set your browser (or application of your choice) up to use a SOCKS proxy on localhost:8080, you can tunnel all of your traffic out to the server.

You can edit your local hosts file (/etc/hosts on Linux) and add a line like:

127.0.0.1 vendorhostexample.com

and try again.

You're breaking HTTP with this. Your browser is sending the hostname localhost in the HTTP headers, which means you're requesting the localhost website of the vendor's site. They almost certainly aren't hosting a localhost site on their server, so you get the 404.

You cannot tunnel HTTP in the way you are. You need to set up a proper HTTP proxy on your company servers.
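
An added example, not part of the original answers: a constructed local server that routes on the Host header the way a name-based virtual host does, standing in for the vendor's server at the far end of the tunnel. The handler, the `fetch` helper and the response bodies are assumptions made for the demo; the same request returns 404 with the client's default Host and 200 once Host names the vendor site.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the vendor's name-based virtual hosting.
VHOSTS = {"vendorhostexample.com": b"vendor API response\n"}

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Select the site from the Host header, ignoring any ":port" suffix.
        name = (self.headers.get("Host") or "").rsplit(":", 1)[0].lower()
        body = VHOSTS.get(name)
        status = 200 if body is not None else 404
        body = body or b"no such site\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_server():
    # Port 0 lets the OS pick a free port; it plays the role of -L 7777.
    server = HTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(port, path, host_header=None):
    """GET via 127.0.0.1:port, optionally overriding the Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", path, headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status

def demo():
    server = start_server()
    port = server.server_address[1]
    try:
        default = fetch(port, "/foobar")  # Host: 127.0.0.1:<port>
        fixed = fetch(port, "/foobar", "vendorhostexample.com")
        return default, fixed
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

With the hosts-file approach the browser sends `Host: vendorhostexample.com:7777`; the handler strips the port before matching, which is an assumption about how the real server treats the port.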

Licensed under: CC-BY-SA with attribution