Skip to content

Socket Reuse Can Cause Multiple CONNECT Requests on Same TCP Connection #628

New issue
New issue
Open
Open
Socket Reuse Can Cause Multiple CONNECT Requests on Same TCP Connection#628
Assignees
bliuchak
Labels
bugSomething isn't working.low priorityLow priority issues to be done eventually.t-unblockingIssues with this label are in the ownership of the unblocking team.
@giannimassive

Description

@giannimassive
giannimassive
opened on Dec 15, 2025

Summary

When using ProxyChain without specifying a custom httpAgent in prepareRequestFunction or using anonimyzeProxy, Node.js's default HTTP agent (which has keepAlive: true) may reuse TCP sockets for multiple CONNECT requests to the upstream proxy. This can cause intermittent connection failures when using proxy-chain to forward requests to an upstream proxy server.

Background

According to RFC 9110 Section 9.3.6:

A tunnel is closed when a tunnel intermediary detects that either side has closed its connection: the intermediary MUST attempt to send any outstanding data that came from the closed side to the other side, close both connections, and then discard any remaining data left undelivered.

After a successful CONNECT response (200), the TCP connection becomes a tunnel and should be treated as opaque to HTTP semantics. I may be misunderstanding the specification, but it seems that sending another CONNECT request through an already-established tunnel might violate this principle.

Reproducing

This issue was initially observed when using anonymizeProxy(), which creates a ProxyChain server that forwards to upstream proxies.
This appears more frequently on slower machines where there's more temporal overlap between requests.

import ProxyChain from "proxy-chain";
import puppeteer from "puppeteer";

const proxyUrl = await ProxyChain.anonymizeProxy(
    "http://user:pass@upstream-proxy.com:8080"
);

const browser = await puppeteer.launch({
    args: [`--proxy-server=${proxyUrl}`],
});

const page = await browser.newPage();
await page.goto("https://www.github.com/");
// Intermittent failures observed here

We then used tcpdump to capture traffic and observe socket re-use.

Workaround

The issue can be resolved by providing a custom httpAgent with keepAlive: false:

import http from 'http';

const noReuseAgent = new http.Agent({
    keepAlive: false,
    maxSockets: Infinity,
    maxFreeSockets: 0,
});

const server = new ProxyChain.Server({
    prepareRequestFunction: () => ({
        upstreamProxyUrl: "http://user:pass@upstream-proxy.com:8080",
        requestAuthentication: false,
        httpAgent: noReuseAgent,  // Prevents socket reuse
    }),
});

With this configuration, each CONNECT request gets a fresh TCP connection to the upstream proxy, eliminating the intermittent failures.

Questions

I'd appreciate clarification on a few points:

  1. Is this expected behavior? The comment in chain.js:52 mentions "Socket can be re-used by multiple requests" which suggests awareness of socket reuse, but I'm unsure if this refers to regular HTTP requests or CONNECT tunnels.

  2. Is my interpretation of the HTTP spec correct? I may be misunderstanding how CONNECT tunnels should work in the context of HTTP connection pooling.

  3. Is socket reuse for CONNECT requests a common practice? Perhaps this behavior works fine with some upstream proxies and only certain implementations reject it.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working.low priorityLow priority issues to be done eventually.t-unblockingIssues with this label are in the ownership of the unblocking team.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions