I have a server in DMZ. This is kind of a gateway for vendor to come in and work on our servers. This is possible only when we allow them to, and the vendor provides a mechanism to open and close the gates using an HTML interface. We do not have direct access to that host, only HTML interface. We want to make sure that the gates remain closed unless we explicitly open then and do not forget to close them.
Idea is, when the gates are closed certain sites are not accessible from within DMZ. So I thought I can use DMZ server as a hop/proxy for curl, then see if we are able to get response from that page, if yes we know that the gate is open.
Here are the details:
Internal Host: 172.xx.xx.xx (This is where we send out a test probe from)
DMZ Host: 10.xx.xx.xx
Vendor site: rest-vpn.example.com
The vendor site is accessible only from the host within DMZ.
From internal host I am trying the following:
[[email protected] ~]$ curl -x https://10.xx.xx.xx:443 --proxy-user username:password -L telnet://rest-vpn.example.com:443
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
[[email protected] ~]$
If I change telnet://rest-vpn.example.com:443 to https://rest-vpn.example.com:443 I am getting the following:
curl: (56) Proxy CONNECT aborted
I know that I am able get an HTTP request processed, please see below, so its not port issue.
[[email protected] ~]$ curl -I https://10.xx.xx.xx:443 -k
HTTP/1.1 200 OK
Date: Tue, 10 Oct 2023 17:36:38 GMT
Server: Apache
Content-Security-Policy: frame-ancestors 'self' https://*.example.com ;
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 22 Jul 2023 20:01:22 GMT
ETag: "713-603b0b12e6880"
Accept-Ranges: bytes
Content-Length: 1811
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html
[[email protected] ~]$
Is it possible to do it this way at all? Hope I did not get this as a wrong concept.