Node: Tunnelling connections, Previous: Tuning POST and PUT, Up: Network



Tunnelling connections

Polipo is an HTTP proxy; it proxies HTTP traffic, and clients using other protocols should establish a direct connection to the server or use an ad hoc proxy.

Due to wide-spread brain-damage1, however, there are some circumstances in which establishing a direct connection to the server is not possible. In such situations, it is possible to have Polipo behave as a tunnelling proxy -- a proxy that merely forwards traffic between the client and the server without understanding it. Polipo enters tunnel mode when the server requests it by using the HTTP CONNECT method.

Most web browsers will use this technique for HTTP over SSL (sometimes known as `https') if configured to use Polipo as their `https proxy'. Recent versions of ssh can also use it to cross mis-configured firewalls.

The variable tunnelAllowedPorts specifies the set of ports that Polipo will accept to tunnel traffic to. It defaults to 22, 80, 443, meaning that Polipo will only tunnel ssh, HTTP and https traffic.


Footnotes

  1. Sometimes known as NAT.