Hi,

I don't really know Python (that is, for now I really don't), and beyond the base config, no matter how I pasted in a new rule or rules and tried to indent them correctly, it always died at startup with a syntax error, even the example itself. I must have overlooked something, but I haven't figured it out so far. Unfortunately this is where I got stuck, although I think what this is about is not a big deal. :)

I am attaching an earlier letter of mine.

All the best,
KharpeeT

--------------------------------------------------------------------

Zorp is running, and the basic functions work too. I read through share/zorp/pylib/Zorp/Http.py to see what functions it is capable of, and I found examples as well. Admittedly, these differed from what I read in the Zorp reference guide. I suppose a few things have changed since then.

I would like to use Zorp for transparent filtering in front of a few web servers, and there are one or two things I have not managed so far. My problem is that the new examples given did not really want to work (specifically the URL filtering). My question is: what could be causing this? (details below)

The other thing I would be interested in: is it possible to filter based on regular expressions? For example, I would like to add a few rules for HTTP GETs, but Python is still rather bewildering to me for now. Could you give one or two examples of how these could be defined one below the other? This is roughly how I imagine it (of course it may be wrong, but perhaps it is understandable :) ):

if (url == "^.*\/etc\/passwd.*$")
    return HTTP_REQ_ACCEPT
self.error_info = 'Content denied by policy.'
return HTTP_REQ_REJECT

if (url == "http://www.ungabunga.hu")
    return HTTP_REQ_ACCEPT
self.error_info = 'Content denied by policy2.'
return HTTP_REQ_REJECT

-----

Here is the current config, for which it throws this error message into syslog:

---------- log ----------
zorp-http[25450]: zorp version 1.4.0rc13 going down.
zorp-http[25452]: (zorp/nosession): File "/usr/local/zorp/etc/zorp/policy.py", line 83
zorp-http[25452]: (zorp/nosession): if (url == "http://www.balabit.hu")
zorp-http[25452]: (zorp/nosession): ^
zorp-http[25452]: (zorp/nosession): SyntaxError: invalid syntax
----------

My faulty config is in the attachment, because unfortunately it falls apart in an e-mail.

############################################################################
##
## Copyright (c) 2000, 2001 BalaBit IT Ltd, Budapest, Hungary
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
##
## $Id: policy.py.sample,v 1.10.2.2.4.2 2001/11/08 11:20:48 bazsi Exp $
##
############################################################################
#
# sample firewall policy with transparent access to FTP, HTTP and CVS protocols.
# For FTP and HTTP we use application level gateways, for CVS we use a plug.
# (as long as CVS protocol proxy is not available)
#
# firewall internal network: 192.168.1.0/24
# firewall internal interface: 192.168.1.1
# firewall external interface: 193.225.235.6
#

from Zorp.Core import *
from Zorp.Http import *
from Zorp.Plug import *
from Zorp.Ftp import *

Zorp.firewall_name = 'zorp@site'

InetZone("site-net", "0.0.0.0/0",
         # list of allowed outbound services, '*' matches anything
         outbound_services=["intra_http", "intra_ftp"],
         # list of allowed inbound services, '*' matches anything
         inbound_services=[]),

InetZone("local", "127.0.0.0/8",
         inbound_services=["*"],
         outbound_services=[]),

InetZone("internet", "VEDETT/HALO",
         inbound_services=["*"],
         outbound_services=[])

#
# Here's a proxy event handler definition. We are deriving from a
# simple plug proxy, which is blindly copying in both directions.
#
# Instances of this class represent a "plug proxy". For a complete
# documentation for the features and available attributes of plug see the
# file /doc/modules/plug.txt
#

#
# Let's define a transparent http proxy, which rewrites the user_agent
# header to something different.
#
class IntraHttp(HttpProxy):

    def config(self):
        HttpProxy.config(self)
        self.transparent_mode = TRUE
        # self.request_header["User-Agent"] = (HTTP_HDR_CHANGE_VALUE, "Lynx/2.8.3rel.1")
        self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)

    def filterURL(self, method, url, version):
        if (url == "http://www.balabit.hu")
            return HTTP_REQ_ACCEPT
        self.error_info = 'Content denied by policy.'
        return HTTP_REQ_REJECT
        # return Z_REJECT here to reject this request
        # change self.request_url to redirect to another url
        # change connection_mode to HTTP_CONNECTION_CLOSE to force kept-alive connections to close
        log("http.info", 3, "%s: GET: %s" % (self.session.session_id, url))
        return HTTP_REQ_ACCEPT

class IntraFtp(FtpProxy):

    def config(self):
        FtpProxy.config(self)
        self.transparent_mode = TRUE

#
# name is passed to the Zorp instance with the --as command line option
# you can use it to start different services for different names
# In this simple policy we ignore it.
#
def init(name):
    # create services
    Service("intra_http", IntraHttp, router=TransparentRouter())
    Service("intra_ftp", IntraFtp, router=TransparentRouter())

    # bind services to listeners
    # you'll need the packet filter redirect these connections, and
    # to protect transparent listeners, since if you connect to
    # a transparent listener directly, Zorp reconnects to itself.
    Listener(SockAddrInet("FIREWALL", 50080), "intra_http")
    Listener(SockAddrInet("FIREWALL", 50021), "intra_ftp")
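
The regular-expression filtering asked about above, as an added example that is not part of the original message and is not Zorp code: a stand-alone decision function that a handler with the `filterURL(self, method, url, version)` signature could call. The names `filter_url`, `normalize`, `RULES` and `DEFAULT`, the rule patterns, and the values given to `HTTP_REQ_ACCEPT` / `HTTP_REQ_REJECT` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Stand-in values (assumption): in a real policy these names come from Zorp.Http.
HTTP_REQ_ACCEPT = "accept"
HTTP_REQ_REJECT = "reject"

# Ordered rules, first match wins: (compiled regex, verdict, error text).
# Deny rules come before allow rules. Patterns are constructed for illustration.
RULES = [
    (re.compile(r"/etc/passwd"), HTTP_REQ_REJECT, "Content denied by policy."),
    (re.compile(r"(^|/)\.\.(/|$)"), HTTP_REQ_REJECT, "Path traversal denied."),
    # Anchored on both sides so www.balabit.hu.example.net does not qualify.
    (re.compile(r"^http://www\.balabit\.hu(/|$)"), HTTP_REQ_ACCEPT, None),
]
DEFAULT = (HTTP_REQ_REJECT, "Content denied by policy2.")


def normalize(url):
    """Percent-decode until stable, so %2Fetc%2Fpasswd and %252F... are
    matched in the same form the web server will see. Returns None when the
    URL is still changing after five rounds."""
    for _ in range(5):
        decoded = unquote(url)
        if decoded == url:
            return url
        url = decoded
    return None


def filter_url(url):
    """Return (verdict, error_info) for one request URL."""
    clean = normalize(url)
    if clean is None:
        return HTTP_REQ_REJECT, "Over-encoded URL denied."
    # Every `if` / `for` header ends with a colon; leaving it out is what
    # "SyntaxError: invalid syntax" reports. `==` compares literal strings,
    # so a pattern has to go through re; search() finds it anywhere in the
    # URL without wrapping it in ^.* ... .*$.
    for pattern, verdict, error_info in RULES:
        if pattern.search(clean):
            return verdict, error_info
    return DEFAULT
```

A handler would copy the second element of the result into `self.error_info` before returning the verdict.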