[stunnel-users] Requests to cloud server that requires host header

Guillermo Rodriguez Garcia guille.rodriguez at gmail.com
Wed May 18 10:51:01 CEST 2016


2016-05-17 22:03 GMT+02:00 Lorne Kates <halcyon1234 at hotmail.com>:
> (related to Akamai message from before-- but I have better troubleshooting
> information).
> I'm tying to route traffic through stunnel to a "cloud" based-endpoint.
> That endpoint has a static server name-- test.authorize.net.  (This is the
> dev sandbox for auth.net).
> But if you do an nslookup on test.authorize.net, you'll get back a different
> servername and IP, because it's so wonderfully "cloud".
> Stunnel apparently tries to connect to the nslookup value.  The server
> rejects the request because it can't route it back to test.authorize.net.
> I've tried adding "delay = yes" and "sni = test.authorize.net", but neither
> work.
> To see this in action, a simple setup with any accept, then connect to
> test.authorize.net:443 in client = yes mode.
> This is what a valid response looks like (13 -- give me the darn merchant ID
> in a POST): https://test.authorize.net/gateway/transact.dll
> This is what you'll get if you try to use stunnel (400 invalid url) :
> So how can I get stunnel to send the proper Request Header (host:
> test.authorize.net), make sure it's using http/1.1, etc?

Stunnel won't do this for you (it will not inject any HTTP headers at
all). You must tell your HTTP client software to do it. Example:

'nslookup test.authorize.net' says that the IP address is

Try the following (no stunnel involved here):

curl -k  ->  400 invalid url error
curl -k -H 'Host: test.authorize.net'  ->  Works

With stunnel it is the same. You must tell whatever HTTP client you
are using to send the correct Host: header. In your case you can try:

curl -k -H 'Host: test.authorize.net'

Best regards,

Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com

More information about the stunnel-users mailing list