Hi David,

On Tue, 2011-11-29 at 08:49 -0500, David Yerger wrote:
def Zcommunicator():
    Service("INcommunicator", INcommunicator,
            chainer=SideStackChainer(CommunicatorHttpProxy),
            router=DirectedRouter(SockAddrInet("<LAN IP>", 80)))
    Listener(SockAddrInet("<public ip>", 55000), "INcommunicator")

class CommunicatorHttpProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)
        self.request["POST"] = (HTTP_REQ_POLICY, self.filterURL)

    def filterURL(self, method, url, version):
        if ("http://<public DNS>:5500/cas" in url):
            self.session.setServer(SockAddrInet("10.0.7.2", 5447))
        elif ("http://<public DNS>:5500/director2" in url):
            self.session.setServer(SockAddrInet("10.0.7.2", 5449))
        elif ("http://<public DNS>:5500/techops" in url):
            self.session.setServer(SockAddrInet("10.0.0.6", 80))
        elif ("http://<public DNS>:5500/fubar" in url):
            self.session.setServer(SockAddrInet("10.0.0.6", 80))
        else:
            self.session.setServer(SockAddrInet("10.0.7.2", 80))
        return HTTP_REQ_ACCEPT

class INcommunicator(PsslProxy):
    def config(self):
        PsslProxy.config(self)
        self.client_verify_type = SSL_VERIFY_NONE
        self.client_ca_directory = "/etc/ssl/certs"
        self.server_need_ssl=FALSE
        self.client_key_file = "/etc/ssl/private/xxx.key"
        self.client_cert_file = "/etc/ssl/certs/xxx.crt"
        #self.stack_proxy = CommunicatorHttpProxy
the "fubar" URL doesn't point to a real location--and I get the 500 error page back from the web server.
But when I try a (larger) real page, I'm seeing
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9): Starting proxy instance; client_fd='15', client_address='AF_INET(<public ip>:2220)', client_zone='Zone(inter, 0.0.0.0/0)', client_local='AF_INET(<public ip>:5500)', client_protocol='TCP'
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9/pssl): SSL handshake failed on the client side; error='error:1407609C:SSL routines:lib(20):SSL23_GET_CLIENT_HELLO:func(118):http request:reason(156)'
Based on the OpenSSL error message you're getting I think the client did speak plain HTTP and not HTTPS. You could use tcpdump/wireshark to confirm this.
Ideas? Should I just reinstall 3.9.2 and copy my config files over? (no apt-get dist-upgrade option I see)
I don't think that would solve this problem.

--
KOVACS Krisztian
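
Added example, not part of the original message or of Zorp: one way to confirm the diagnosis above from the first client payload bytes seen in a tcpdump/Wireshark capture of the listener port. The function names and sample payloads are constructed for illustration; the HTTP method list mirrors the check OpenSSL's SSLv23 hello parser makes before it reports "http request".

```python
# OpenSSL reports "http request" when the first bytes on an SSL listener
# start with one of these methods, and a proxy-request error for CONNECT.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first client payload bytes received on a TLS listener."""
    if len(data) < 5:
        return "too-short"
    # SSLv3/TLS record header: content type 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        # Byte 5 is the handshake message type; 0x01 is ClientHello.
        if len(data) > 5 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-handshake-other"
    # SSLv2-compatible hello: 2-byte length with the high bit set, then type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    if data.startswith(b"CONNECT"):
        return "http-proxy-connect"
    return "unknown"


def classify_hex(hexstream: str) -> str:
    """Same check for a payload copied from a capture tool as a hex stream."""
    return classify_first_bytes(bytes.fromhex(hexstream))


if __name__ == "__main__":
    # Constructed samples (not taken from the thread's traffic).
    samples = {
        "plain request": b"GET /cas/login HTTP/1.1\r\nHost: example.invalid:5500\r\n\r\n",
        "TLS hello": bytes.fromhex("160301002f0100002b0301"),
        "SSLv2 hello": bytes.fromhex("802e010301"),
    }
    for name, payload in samples.items():
        print(f"{name}: {classify_first_bytes(payload)}")
```

A "plain-http" result for the first packet of a failing session means the client sent an unencrypted request to the SSL listener, which matches the reason(156) text in the log.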