Upstream mode always send CONNECT to upstream server when using https

Inside request function, I change the scheme of https to http for all request, but it send CONNECT to upstream server though which is not needed;

What I wanna do is:

Client <----(http/https)—> mitmproxy <------(plain http request with URL unmodified)------> Upstream server (Apache forward proxy)

Can I achieve this?

Event when I add --insecure and --no-upstream-cert, it also send CONNECT to the upstream server twice( 1. CONNECT XXXX:443; 2. CONNECT XXXX:80;)

This is the script:

    def request(self, flow):
        if flow.request.scheme == "https":
            flow.request.scheme = "http"
            flow.request.port = 80

and command:

 mitmdump -p 5678 -U http://default_proxy:8888 -v --no-http2 --insecure --no-upstream-cert -s "test.py"

I think we don’t support this in upstream mode. Generally speaking, it’s super tricky for us to defer the connection state for so long, so this is unlikely to change soon. Sorry!

When I compare to the external proxy of Charles, I see the difference:

  1. Charles

    rewrite url ^https to http

    upstream proxy display two records:

    CONNECT a.com:443
    Transport: Host: a.com:443

    CONNECT a.com:443
    Transport: Host: a.com:443

    and it works well with apache upstream server

  2. mitmproxy

    def request(self, flow):
       if flow.request.scheme == "https":
           flow.request.scheme = "http"
    

    upstream proxy display two records:

    CONNECT a.com:443
    Transport: Host: a.com:443

    CONNECT a.com:443
    Transport: Host: a.com

    and it failed with The plain HTTP request was sent to HTTPS port, which I think is the problem of Host: a.com, is there any experience for this problem?

------------ Update -----------------

When I print out the flow.mode inside request, I found that when the client request http the mode is upstream, when the client request is https the mode is transparent, and then it go into the set_server to change the host after the modification of flow.scheme

------------ Update -----------------

I got a request like:

GET http://a.com:443 which result in the The plain HTTP request was sent to HTTPS port error