Stacking programs doesn’t work and how to modify POST parameters?
Hi,

I installed zorp 3.1.14 (GPL) in Debian Etch a few days ago. It works fine and is a really great program but I’ve got 2 problems with the http-proxy-module for which I just can't find a solution. Perhaps someone can help me, I don't know what to try further...

1. I want to be able to block sites with specific contents and in some cases modify the content. But I can't stack a program on the request or response. I always get an “Invalid Request” when I want to modify the request stack or an “Invalid Response” when I want to modify the response stack.

I think this should normally work as there’s a test in tests/functional/http/transfer/chunked-conversion.test in the source package of Zorp. I used the following code from the example there and it does not work:

    class MyHttp(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            self.timeout_request=30000
            self.request_stack["GET"] = (HTTP_STK_DATA, "/bin/cat")
            self.response_stack["GET"] = (HTTP_STK_DATA, "/bin/cat")

The other possibility I found in a doc at http://www.balabit.com/dl/white_papers/zorp-gateway-v3.1-tutorial-https-en.p... and at http://www.balabit.hu/dl/html/zorp-reference-guide.html/ch01s01.html#embedde... doesn’t work either and shows the same error messages. The code looks like this:

    self.response_stack["GET"] = (HTTP_STK_DATA, (Z_STACK_PROGRAM, "/bin/sed '/http:/s//https:/g'"))

Exchanging HTTP_STK_DATA with HTTP_STK_MIME doesn't change anything either.

Exchanging self.request_stack["GET"] with self.request_stack["POST"] just shows the difference that the error only occurs on POST-Requests and not on normal GET because it's just ignored or so.

The strange thing is that it seems like the external program isn’t even called because when I insert the command “touch /home/testuser/test”, the file is not touched. I also couldn’t find anything corresponding in strace output.

2. Is it somehow possible to modify/block POST-Parameters? Modifying the GET-Requests using the self.request_url-Parameter is easy but I could not find any way to do this with POST-data. I tried passing it to an external program for analyzing/modifying but this does not work (see 1)?

I also tried an upgrade to 3.3 but it seems like common-gpl isn't included yet. When I left it out of my sources.list I then ran into problems concerning the locales package (could not be installed because of errors). Is 3.3 for another Debian version or Ubuntu? Could the 3.3 solve my problems above?

Thanks in advance for your help,
Thomas Wenz

On Sun, 2008-06-29 at 23:32 +0200, thomas.wenz@gmx-topmail.de wrote:
> Hi,
>
> I installed zorp 3.1.14 (GPL) in Debian Etch a few days ago. It works fine and is a really great program but I’ve got 2 problems with the http-proxy-module for which I just can't find a solution. Perhaps someone can help me, I don't know what to try further...

You are correct about the program-stacking feature, it does not work, because it was only released as a part of the commercial Zorp version. However since you were interested, we're willing to release the accompanying work under the GPL as well. You are also right about the fact that Zorp GPL 3.3 does not yet exist, it is simply a matter of time.

> 1. I want to be able to block sites with specific contents and in some cases modify the content. But I can't stack a program on the request or response. I always get an “Invalid Request” when I want to modify the request stack or an “Invalid Response” when I want to modify the response stack.
>
> I think this should normally work as there’s a test in tests/functional/http/transfer/chunked-conversion.test in the source package of Zorp. I used the following code from the example there and it does not work:
>
>     class MyHttp(HttpProxy):
>         def config(self):
>             HttpProxy.config(self)
>             self.timeout_request=30000
>             self.request_stack["GET"] = (HTTP_STK_DATA, "/bin/cat")
>             self.response_stack["GET"] = (HTTP_STK_DATA, "/bin/cat")
>
> The other possibility I found in a doc at http://www.balabit.com/dl/white_papers/zorp-gateway-v3.1-tutorial-https-en.p... and at http://www.balabit.hu/dl/html/zorp-reference-guide.html/ch01s01.html#embedde... doesn’t work either and shows the same error messages. The code looks like this:
>
>     self.response_stack["GET"] = (HTTP_STK_DATA, (Z_STACK_PROGRAM, "/bin/sed '/http:/s//https:/g'"))
>
> Exchanging HTTP_STK_DATA with HTTP_STK_MIME doesn't change anything either.
>
> Exchanging self.request_stack["GET"] with self.request_stack["POST"] just shows the difference that the error only occurs on POST-Requests and not on normal GET because it's just ignored or so.
>
> The strange thing is that it seems like the external program isn’t even called because when I insert the command “touch /home/testuser/test”, the file is not touched. I also couldn’t find anything corresponding in strace output.
>
> 2. Is it somehow possible to modify/block POST-Parameters? Modifying the GET-Requests using the self.request_url-Parameter is easy but I could not find any way to do this with POST-data. I tried passing it to an external program for analyzing/modifying but this does not work (see 1)?
>
> I also tried an upgrade to 3.3 but it seems like common-gpl isn't included yet. When I left it out of my sources.list I then ran into problems concerning the locales package (could not be installed because of errors). Is 3.3 for another Debian version or Ubuntu? Could the 3.3 solve my problems above?

We have some pre-published tutorials that describe how to validate GET/POST parameters while they are going through the HTTP proxy of Zorp. This is all implemented in the "AnyPy" proxy, that can be used to write proxy modules for Zorp in Python. (other proxies are written in C for performance).

The reason these are not yet published is that they depend on some patches against the Zorp core which have not yet been integrated. If you are interested, I can send you these tutorials as well.

So in summary:

* Zorp 3.3 is coming RSN :)
* we are willing to add program stacking into Zorp 3.3 GPL

-- 
Bazsi
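
An added example, not part of either message and not Zorp or AnyPy code: a filter of the kind the original post tried to stack on POST requests, assuming (as with the /bin/cat and /bin/sed attempts) that the stacked program receives the request body on stdin and its stdout is forwarded. The parameter names and patterns in POLICY are hypothetical.

```python
#!/usr/bin/env python3
"""Stdin-to-stdout filter for a form-encoded POST body (added example)."""
import re
import sys
from urllib.parse import parse_qsl, urlencode

# Hypothetical policy: parameter name -> pattern the decoded value must match.
POLICY = {
    "user": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
    "page": re.compile(r"[0-9]{1,6}"),
    "comment": re.compile(r"[^<>\x00-\x1f]{0,500}"),
}


class Rejected(Exception):
    """The body must be blocked rather than forwarded."""


def filter_body(body: bytes, policy=POLICY) -> bytes:
    """Drop parameters not in the policy; raise Rejected on anything suspicious."""
    if not body:
        return b""
    try:
        pairs = parse_qsl(body.decode("ascii"), keep_blank_values=True,
                          strict_parsing=True, errors="strict")
    except ValueError as exc:  # malformed field or bad percent-encoded UTF-8
        raise Rejected(f"unparsable body: {exc}") from exc
    kept, seen = [], set()
    for name, value in pairs:
        if name in seen:  # duplicates let proxy and backend disagree on the value
            raise Rejected(f"duplicate parameter {name!r}")
        seen.add(name)
        pattern = policy.get(name)
        if pattern is None:
            continue  # unknown parameter: strip it (the "modify" case)
        if not pattern.fullmatch(value):
            raise Rejected(f"bad value for {name!r}")  # the "block" case
        kept.append((name, value))
    return urlencode(kept).encode("ascii")


if __name__ == "__main__":
    try:
        sys.stdout.buffer.write(filter_body(sys.stdin.buffer.read()))
    except Rejected as err:
        # Emit no body and fail; how a proxy maps this to a verdict is not assumed.
        print(f"rejected: {err}", file=sys.stderr)
        sys.exit(1)
```

Values are validated after percent-decoding, so an encoded `%3C` is checked as `<`, and the forwarded body is re-encoded from the decoded pairs rather than passed through byte for byte.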
participants (2)
- Balazs Scheidler
- thomas.wenz@gmx-topmail.de