Re: [zorp-hu] cookie alapjan valo dontes

5 Apr 2006

      Szia!

A jelenlegi konfigom igy nez ki. Jelenleg a GET utani reszre
probalok keresni, a cookies resz utana jon majd.
A self.setserver nincs hatassal a request kiszolgalasara.
Lehet, hogy rossz helyen hasznalom?

A leveledben irtad az alabbiakat:

	def processCookie(self, hdr_name, hdr_value):
		# hdr_value-ban van a Cookie fejlec erteke, abbol kell kiszedni a 
		# teged erdeklo erteket

		# az 1.2.3.4 erteke lehet valtozo is, amit a Cookie erteke alapjan
		# raktal ossze.
		self.session.setServer(SockAddrInet('1.2.3.4', 80))
		return HTTP_HDR_ACCEPT

irtad, hogy a hdr_value-ban van a cookie erteke. ezt ugy kell erteni, hogy
ha van egy nev=ertek cookie-m akkor az ott hdr_value["nev"] szintaktikaval
erheto el, vagy?

Idaig a configom:

# Includes
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *
import re

# Main configuration
Zorp.firewall_name = 'zorp'

# Networks

InetZone(
         "Internet", "0.0.0.0/0",
         inbound_services=["http", "https"],
         outbound_services=["http", "https"]
        )

InetZone(
         "app-net", "10.11.0.0/16",
         inbound_services=["http", "https"],
         outbound_services=["http", "https"]
        )

# HTTP Proxy
class HTTPProxy(HttpProxy):

        def config(self):
                HttpProxy.config(self)
                self.default_port = 443
                self.request["GET"] = (HTTP_REQ_POLICY, self.test_url)

        def test_url(self, method, url, version):
                url_match=re.compile(".*ch-de$")
                result=url_match.findall(url)
                if (result):

self.session.setServer(SockAddrInet('10.10.12.6', 443))
                        return HTTP_REQ_ACCEPT
                else:

self.session.setServer(SockAddrInet('10.10.11.6', 443))
                        return HTTP_REQ_ACCEPT

# HTTPS Proxy - Listener
class HTTPSListener(PsslProxy):

        def config(self):
                PsslProxy.config(self);
                self.copy_to_server     = TRUE;
                self.copy_to_client     = TRUE;
                self.client_need_ssl    = TRUE;
                self.server_need_ssl    = FALSE;
                self.shutdown_soft      = TRUE;
                self.client_verify_type = SSL_VERIFY_NONE;
                self.server_verify_type = SSL_VERIFY_NONE;
                self.client_cert        = "/etc/zorp/certs/test.crt";
                self.client_key         = "/etc/zorp/keys/test.key";

# HTTPS Proxy
class HTTPSHelper(HttpProxy):

        def config(self):
                HttpProxy.config(self)
                self.default_port = 443
                self.request["GET"] = (HTTP_REQ_POLICY, self.is_svajc)

        def is_svajc(self, method, url, version):
                sw_match=re.compile(".*ch-de$")
                matched=sw_match.findall(url)
                if (matched):

self.session.setServer(SockAddrInet('10.10.12.6', 443))
                        return HTTP_REQ_ACCEPT
                else:

self.session.setServer(SockAddrInet('10.10.11.6', 443))
                        return HTTP_REQ_ACCEPT

# HTTPS Proxy - Worker
class HTTPSWorker(PsslProxy):

        def config(self):
                PsslProxy.config(self);
                self.copy_to_server     = TRUE;
                self.copy_to_client     = TRUE;
                self.client_need_ssl    = FALSE;
                self.server_need_ssl    = TRUE;
                self.shutdown_soft      = TRUE;
                self.client_verify_type = SSL_VERIFY_NONE;
                self.server_verify_type = SSL_VERIFY_NONE;
                self.client_cert        = "/etc/zorp/certs/test.crt";
                self.client_key         = "/etc/zorp/keys/test.key";

# Instance definition
def web():
        Service(
                "http",
                HTTPProxy,
                router=InbandRouter(forge_addr=TRUE),
                #router=DirectedRouter(forge_addr=TRUE),
                resolver=DNSResolver()
                )
        Service(
                "https",
                HTTPSListener,
                router=InbandRouter(forge_addr=TRUE),
                chainer=SideStackChainer(
                                         HTTPSHelper,
                                         SideStackChainer(HTTPSWorker)
                                         )
                )
        Listener(SockAddrInet('kulsoip', 1200), "http")
        Listener(SockAddrInet('kulsoip', 1201), "https")

Balazs Scheidler wrote:
...
On Mon, 2006-04-03 at 15:04 +0200, Pásztor Lénárd Zoltán wrote:
...
Sziasztok!
Tud valaki peldat mutatni arra, hogyan lehet zorpal
elerni azt, hogy http(s) proxyzas eseten egy cookie-ban
beallitott erteket figyelve dontson arrol melyik belso
webszervertol kerje el az oldalt?
Probald me a 'Cookie' fejlecet felkerni policy-ba, valahogy igy:
class MyHttp(HttpProxy):
  def config(self):
      HttpProxy.config(self)
      self.request_header["Cookie"] = (HTTP_HDR_POLICY, self.processCookie)
def processCookie(self, hdr_name, hdr_value):
      # hdr_value-ban van a Cookie fejlec erteke, abbol kell kiszedni a 
      # teged erdeklo erteket
# az 1.2.3.4 erteke lehet valtozo is, amit a Cookie erteke alapjan
      # raktal ossze.
      self.session.setServer(SockAddrInet('1.2.3.4', 80))
      return HTTP_HDR_ACCEPT
def http():
  Service('http', MyHttp, router=InbandRouter())
  Listener(SockAddrInet('kulsoip', 80), 'http')
------------------------------------------------------------------------
_______________________________________________
zorp-hu mailing list
zorp-hu@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/zorp-hu
-- 
Pásztor Lénárd Zoltán
rendszergazda

Wonderline Hungary Kft.
Telefon: (+36-1) 272.0242
Fax: (+36-1) 272.0252
E-mail: lenard.pasztor@wonderline.hu
Honlap: www.wonderline.hu