Spring Port number is not set at Host header with HTTP request if accessing via proxy with CONNECT method

Description: Please suppose that you access your target site via proxy with CONNECT method (i.e., accessing proxy with HTTP tunnelling) by such code.

UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromHttpUrl("https://your.target.site.com:443");

HttpEntity<String> entity = new HttpEntity<String>(SOME_DOCS, HEADERS);
SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
factory.setProxy(new Proxy(Type.HTTP, new InetSocketAddress(PROXY_HOST, PROXY_PORT)));

Then, port number is not set at Host header with the HTTP request for the proxy as below. HOST: your.target.site.com

Although it's expected as below. HOST: your.target.site.com:443

How to reproduce the issue: 1. Prepare reverse proxy with enabling HTTP tunnelling for HTTPS access. In my case, I reconfigure my NGIX server as a reverse proxy by adding the following kind of setting with nginx.conf.

  # Reverse proxy configuration
server {
  listen 3128;
  ssl on;
  ssl_certificate     "/etc/nginx/ssl/nginx.crt";
  ssl_certificate_key "/etc/nginx/ssl/nginx.key";
  ssl_prefer_server_ciphers On;
  ssl_protocols TLSv1.2;
  ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Proto $scheme;
  location / {
      proxy_pass https://your.target.site.com:443/;
      proxy_redirect http:// https://;
  }
}

1. Prepare your target web application with enabling HTTPS access via reverse proxy prepared at the step 1.
2. Extract attached zip file - SampleReproducer.zip
3. From files extracted at the step 3., modify the following variables of one of the app source code (TestController.java) - HOST (target app host name or ip / URI), PROXY_HOST, PROXY_PORT
4. Compile extracted files as a Spring Boot app and deploy it on your app server
5. Monitor HTTP request for the target app with using tcpdump or your favorite tool - ex. tcpdump -X > file.dump
6. Access the reproducer with using curl or your favorite tool to access via Spring HTTP client implementation - ex. curl -v http://path.to.reproducer.org/spring
7. Check tcp dump file extracted via the step 6.. You should see there are no port number with Host header value with HTTP request for the proxy (based on CONNECT method).
8. [Optional] Access the reproducer via Apache HTTP client implementation - ex. curl -v http://path.to.reproducer.org/ap-closable. Now you can see the port number (in this case, 443) with Host header value with HTTP request for the proxy.

Note 1: Based on RFC-2817, I check the specification for Host header format in the case of http tunnelling. https://www.ietf.org/rfc/rfc2817.txt​

According to the section 5.2 and 5.3 of this RFC, Host header format should be like the following in the case of http tunnelling. ​ Host: server.example.com:80

So, I think port number should be added with Host header value.

Note 2: If accessing to reverse proxy with PUT method (i.e., not applying http tunneling), I certainly observe that the port number is added with Host header value with using Spring HTTP client implementation.

So, I think port number should be added in spite of access method.

Comment From: rstoyanchev

I've edited your comment to improve the formatting. You might want to check out this Mastering Markdown guide for future reference.

Comment From: rstoyanchev

Most likely it isn't Spring that's setting the "Host" header but JDK's HttpURLConnection. Can you try with HttpComponentsClientHttpRequestFactory (via org.apache.httpcomponents:httpclient)?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: AkihiroKitada

Hello @rstoyanchev

Thank you for your suggestion.

I modified my reproduce with using HttpComponentsClientHttpRequestFactory instead of SimpleClientHttpRequestFactory as below, then it works as expected.

HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(
            HttpClientBuilder.create()
                .setProxy(new HttpHost(PROXY_HOST, PROXY_PORT, "http"))
                .build());

Thanks.

Please close this issue.