HTTP CONNECT tunnel handler (Mode 1 - Host Filtering).
Handles `CONNECT host:port HTTP/1.1` requests by:
- Validating the session token
- Checking the host against the filter (cloud metadata deny list, then allowlist)
- Establishing a TCP connection to the upstream
- Returning `200 Connection Established`
- Relaying bytes bidirectionally (transparent TLS tunnel)
The proxy never terminates TLS; it just passes encrypted bytes through. Streaming (SSE, MCP Streamable HTTP, A2A) works transparently.
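The host-filtering step described above (metadata deny list first, then allowlist), as an added example that is not this crate's own code. `Decision`, `parse_connect`, `is_metadata`, `is_allowed`, `decide` and both lists are hypothetical names and constructed sample values; session-token validation and the upstream connection are out of scope here.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
enum Decision { Allow, DenyMetadata, DenyNotAllowlisted, BadRequest }

// Constructed sample lists (assumptions, not the crate's configuration).
const METADATA_HOSTS: &[&str] = &["metadata.google.internal"];
const ALLOWLIST: &[&str] = &["api.example.com", "*.internal"];

/// Parse `CONNECT host:port HTTP/1.x` into a normalised (host, port).
fn parse_connect(line: &str) -> Option<(String, u16)> {
    let mut parts = line.split_whitespace();
    if parts.next()? != "CONNECT" { return None; }
    let authority = parts.next()?;
    if !parts.next()?.starts_with("HTTP/1.") || parts.next().is_some() { return None; }
    let (host, port) = authority.rsplit_once(':')?;
    // Strip IPv6 brackets and a trailing FQDN dot, then lower-case.
    let host = host.trim_start_matches('[').trim_end_matches(']').trim_end_matches('.');
    if host.is_empty() { return None; }
    Some((host.to_ascii_lowercase(), port.parse().ok()?))
}

/// Cloud metadata check: link-local IPv4 (169.254.0.0/16, also when
/// IPv4-mapped), the AWS IPv6 endpoint fd00:ec2::254, and known names.
fn is_metadata(host: &str) -> bool {
    match host.parse::<IpAddr>() {
        Ok(IpAddr::V4(ip)) => ip.is_link_local(),
        Ok(IpAddr::V6(ip)) => match ip.to_ipv4_mapped() {
            Some(v4) => v4.is_link_local(),
            None => ip.segments() == [0xfd00, 0xec2, 0, 0, 0, 0, 0, 0x254],
        },
        Err(_) => METADATA_HOSTS.contains(&host),
    }
}

/// Exact match, or `*.suffix` matching any subdomain of `suffix`.
fn is_allowed(host: &str) -> bool {
    ALLOWLIST.iter().any(|p| match p.strip_prefix("*.") {
        Some(suffix) => host.strip_suffix(suffix).map_or(false, |h| h.ends_with('.')),
        None => *p == host,
    })
}

/// Deny list first, then allowlist, so an allowlist entry cannot re-enable metadata.
fn decide(request_line: &str) -> Decision {
    let Some((host, _port)) = parse_connect(request_line) else { return Decision::BadRequest };
    if is_metadata(&host) { return Decision::DenyMetadata; }
    if is_allowed(&host) { Decision::Allow } else { Decision::DenyNotAllowlisted }
}

fn main() {
    println!("{:?}", decide("CONNECT api.example.com:443 HTTP/1.1"));
}
```

A name-based check like this does not cover an allowlisted hostname that resolves to a metadata address, so the resolved IP should be passed through the same deny check before connecting.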
Functions
- handle_connect - Handle an HTTP CONNECT request.