[zorp-hu] cookie alapjan valo dontes

[Pásztor Lénárd Zoltán]

          Szia!

A jelenlegi konfigom igy nez ki. Jelenleg a GET utani reszre
probalok keresni, a cookies resz utana jon majd.
A self.setserver nincs hatassal a request kiszolgalasara.
Lehet, hogy rossz helyen hasznalom?

A leveledben irtad az alabbiakat:

	def processCookie(self, hdr_name, hdr_value):
		# hdr_value-ban van a Cookie fejlec erteke, abbol kell kiszedni a 
		# teged erdeklo erteket

		# az 1.2.3.4 erteke lehet valtozo is, amit a Cookie erteke alapjan
		# raktal ossze.
		self.session.setServer(SockAddrInet('1.2.3.4', 80))
		return HTTP_HDR_ACCEPT

irtad, hogy a hdr_value-ban van a cookie erteke. ezt ugy kell erteni, hogy
ha van egy nev=ertek cookie-m akkor az ott hdr_value["nev"] szintaktikaval
erheto el, vagy?


Idaig a configom:

# Includes
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *
import re

# Main configuration
Zorp.firewall_name = 'zorp'

# Networks

InetZone(
         "Internet", "0.0.0.0/0",
         inbound_services=["http", "https"],
         outbound_services=["http", "https"]
        )

InetZone(
         "app-net", "10.11.0.0/16",
         inbound_services=["http", "https"],
         outbound_services=["http", "https"]
        )

# HTTP Proxy
class HTTPProxy(HttpProxy):

        def config(self):
                HttpProxy.config(self)
                self.default_port = 443
                self.request["GET"] = (HTTP_REQ_POLICY, self.test_url)

        def test_url(self, method, url, version):
                url_match=re.compile(".*ch-de$")
                result=url_match.findall(url)
                if (result):
                        
self.session.setServer(SockAddrInet('10.10.12.6', 443))
                        return HTTP_REQ_ACCEPT
                else:
                        
self.session.setServer(SockAddrInet('10.10.11.6', 443))
                        return HTTP_REQ_ACCEPT

# HTTPS Proxy - Listener
class HTTPSListener(PsslProxy):

        def config(self):
                PsslProxy.config(self);
                self.copy_to_server     = TRUE;
                self.copy_to_client     = TRUE;
                self.client_need_ssl    = TRUE;
                self.server_need_ssl    = FALSE;
                self.shutdown_soft      = TRUE;
                self.client_verify_type = SSL_VERIFY_NONE;
                self.server_verify_type = SSL_VERIFY_NONE;
                self.client_cert        = "/etc/zorp/certs/test.crt";
                self.client_key         = "/etc/zorp/keys/test.key";

# HTTPS Proxy
class HTTPSHelper(HttpProxy):

        def config(self):
                HttpProxy.config(self)
                self.default_port = 443
                self.request["GET"] = (HTTP_REQ_POLICY, self.is_svajc)

        def is_svajc(self, method, url, version):
                sw_match=re.compile(".*ch-de$")
                matched=sw_match.findall(url)
                if (matched):
                        
self.session.setServer(SockAddrInet('10.10.12.6', 443))
                        return HTTP_REQ_ACCEPT
                else:
                        
self.session.setServer(SockAddrInet('10.10.11.6', 443))
                        return HTTP_REQ_ACCEPT

# HTTPS Proxy - Worker
class HTTPSWorker(PsslProxy):

        def config(self):
                PsslProxy.config(self);
                self.copy_to_server     = TRUE;
                self.copy_to_client     = TRUE;
                self.client_need_ssl    = FALSE;
                self.server_need_ssl    = TRUE;
                self.shutdown_soft      = TRUE;
                self.client_verify_type = SSL_VERIFY_NONE;
                self.server_verify_type = SSL_VERIFY_NONE;
                self.client_cert        = "/etc/zorp/certs/test.crt";
                self.client_key         = "/etc/zorp/keys/test.key";

# Instance definition
def web():
        Service(
                "http",
                HTTPProxy,
                router=InbandRouter(forge_addr=TRUE),
                #router=DirectedRouter(forge_addr=TRUE),
                resolver=DNSResolver()
                )
        Service(
                "https",
                HTTPSListener,
                router=InbandRouter(forge_addr=TRUE),
                chainer=SideStackChainer(
                                         HTTPSHelper,
                                         SideStackChainer(HTTPSWorker)
                                         )
                )
        Listener(SockAddrInet('kulsoip', 1200), "http")
        Listener(SockAddrInet('kulsoip', 1201), "https")









Balazs Scheidler wrote:
> On Mon, 2006-04-03 at 15:04 +0200, Pásztor Lénárd Zoltán wrote:
>   
>>           Sziasztok!
>>
>> Tud valaki peldat mutatni arra, hogyan lehet zorpal
>> elerni azt, hogy http(s) proxyzas eseten egy cookie-ban
>> beallitott erteket figyelve dontson arrol melyik belso
>> webszervertol kerje el az oldalt?
>>     
>
> Probald me a 'Cookie' fejlecet felkerni policy-ba, valahogy igy:
>
> class MyHttp(HttpProxy):
> 	def config(self):
> 		HttpProxy.config(self)
> 		self.request_header["Cookie"] = (HTTP_HDR_POLICY, self.processCookie)
>
> 	def processCookie(self, hdr_name, hdr_value):
> 		# hdr_value-ban van a Cookie fejlec erteke, abbol kell kiszedni a 
> 		# teged erdeklo erteket
>
> 		# az 1.2.3.4 erteke lehet valtozo is, amit a Cookie erteke alapjan
> 		# raktal ossze.
> 		self.session.setServer(SockAddrInet('1.2.3.4', 80))
> 		return HTTP_HDR_ACCEPT
>
> def http():
> 	Service('http', MyHttp, router=InbandRouter())
> 	Listener(SockAddrInet('kulsoip', 80), 'http')
>
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> zorp-hu mailing list
> zorp-hu at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/zorp-hu
>   


-- 
Pásztor Lénárd Zoltán
rendszergazda

Wonderline Hungary Kft.
Telefon: (+36-1) 272.0242
Fax: (+36-1) 272.0252
E-mail: lenard.pasztor at wonderline.hu
Honlap: www.wonderline.hu