HTTP Request Methods: CONNECT

By: Dusty Arlia
Published on Friday, April 25, 2014, 04:49 PM
Last Updated on Monday, July 06, 2015 at 3:00 PM
Total Updates: 2

The HTTP CONNECT method is used for non-HTTP connections through HTTP proxies. HTTP CONNECT requests get converted by the specified target resource. The target resource converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.

The HTTP CONNECT method is not meant to be used for direct connections to web servers. For stronger security, web servers should not allow HTTP CONNECT requests. If enabled, an attacker may be able access a victim's network by tunneling using TCP.