HTTP/1.x is. For example, the proxy authentication may be used just
like with any other request to the proxy:
      CONNECT home.netscape.com:443 HTTP/1.0
      User-agent: Mozilla/4.0
      Proxy-authorization: basic dGVzdDp0ZXN0

      ...data to be tunnelled to the server...
3.2. Proxy Response
After the empty line in the request, the client will wait for a
response from the proxy. The proxy will evaluate the request, make
sure that it is valid, and that the user is authorized to request
such a connection. If everything is in order, the proxy will make a
TCP PROTOCOL TUNNELING IN WEB PROXY SERVERS INTERNET-DRAFT August 1998
connection to the destination server, and, if successful, send a "200
Connection established" response to the client. Again, the response
follows the HTTP/1.x protocol, so the response line starts with the
protocol version specifier, and the response line is followed by zero
or more response headers, followed by an empty line. The line
separator is a CR LF pair.
Example of a response:
      HTTP/1.0 200 Connection established
      Proxy-agent: Netscape-Proxy/1.1

      ...data tunnelled from the server...
After the empty line, the proxy will start passing data from the
client connection to the remote server connection, and vice versa.
At any time, there may be data coming from either connection, and
that data must be forwarded to the other connection immediately.

Note that since the tunnelled protocol is opaque to the proxy server,
the proxy cannot make any assumptions about which connection the
first, or any subsequent, packets will arrive on. In other words, the
proxy server must be prepared to accept packets from either of the
connections at any time. Otherwise, a deadlock may occur.

If at any point either one of the peers gets disconnected, any
outstanding data that came from that peer will be passed to the other
one, and after that the other connection will also be terminated by
the proxy. If there is undelivered data outstanding to that peer,
that data will be discarded.
An example of a tunneling request/response in an interleaved
multicolumn format:
CLIENT -> SERVER                       SERVER -> CLIENT
-------------------------------------- -----------------------------------
CONNECT home.netscape.com:443 HTTP/1.0
User-agent: Mozilla/4.0
<<< empty line >>>
                                       HTTP/1.0 200 Connection established
                                       Proxy-agent: Netscape-Proxy/1.1
                                       <<< empty line >>>
             <<< data tunneling to both directions begins >>>
3.2.1. Response Content-Type Field
The proxy response does not necessarily have a Content-Type field,
which is otherwise mandatory in HTTP/1.x responses. Currently there
is no content media type assigned to a tunnel. Future versions of
this specification may introduce a standard media type, for example
"application/tunnel". For forward compatibility, a Content-type
field should be allowed, but for backward compatibility, one should
not be required by clients.
3.3. Data Pipelining
It is legal for the client to send some data intended for the server
before the "200 Connection established" (or any other success or
error code) is received. This allows for reduced latency and
increased efficiency when any handshake data intended for the remote
server can be sent in the same TCP packet as the proxy request. This
allows the proxy to immediately forward the data once the connection
to the remote server is established, without waiting for two round-
trip times to the client (sending 200 to client; waiting for the next
packet from client).
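
The relay behaviour of section 3.2 and the pipelining rule of section 3.3, as an added example that is not part of the original draft. The names split_connect_request and relay are hypothetical, and blocking sockets are assumed for brevity:

```python
import select
import socket

def split_connect_request(buf: bytes):
    """Parse a CONNECT request; return (host, port, headers, early_data).

    early_data is whatever the client pipelined after the empty line
    (section 3.3); it must be kept and forwarded, not dropped.
    Returns None while the empty line has not arrived yet.
    """
    head, sep, early_data = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        raise ValueError("not an HTTP/1.x CONNECT request")
    host, _, port = target.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return host, int(port), headers, early_data

def relay(client: socket.socket, server: socket.socket, early_data: bytes = b""):
    """Forward bytes both ways until either peer disconnects.

    select() watches both sockets, so the first bytes may come from
    either side without the relay blocking on the wrong one.
    """
    if early_data:                 # pipelined bytes go out first
        server.sendall(early_data)
    peer = {client: server, server: client}
    try:
        while True:
            readable, _, _ = select.select([client, server], [], [])
            for src in readable:
                chunk = src.recv(4096)
                if not chunk:      # src disconnected: stop relaying
                    return
                peer[src].sendall(chunk)
    finally:                       # then terminate the other side too
        client.close()
        server.close()
```

Because sendall blocks, a peer that stops reading can still stall this relay; a production proxy would use non-blocking sockets with a bounded buffer per direction.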