[zorp-hu] 3.9 https side stack chainer

Csányi Krisztián chris at eotvos19.hu
2011. Jún. 20., H, 16:15:45 CEST


 On Mon, 20 Jun 2011 16:05:28 +0200, Balazs Scheidler wrote:
> On Wed, 2011-06-15 at 15:48 +0200, Csányi Krisztián wrote:
>> Sziasztok!
>>
>>  Egy Zorp 3.3-mon működő megoldást szeretnék 3.9-re átültetni.
>>  Röviden így néz ki:
>>
>>  Service('outside_HTTPS_wildcard.xyz.hu', HttpsPublicWildcardXyz,
>>  chainer=SideStackChainer(right_class=HttpPublicDirector,
>>  right_chainer=ConnectChainer(protocol=ZD_PROTO_AUTO)),
>>  router=TransparentRouter(forge_addr=TRUE))
>>  Dispatcher(DBSockAddr(SockAddrInet('__IP_OUTSIDE', 50443,
>>  ZD_PROTO_TCP), 'outside_HTTPS_wildcard.xyz.hu', transparent=TRUE)
>>
>>  A HttpsPublicWildcardXyz egy sima PsslProxy aminek van egy
>>  self.client_cert_file és client_key_file megadva. (wildcardos)
>>
>>  A HttpPublicDirector pedig egy sima HttpProxy, ahol
>>  self.request_url_host alapján döntünk, hogy melyik szervernek 
>> dobódjon
>>  át a forgalom.
>>
>>
>>  A kérdésem, hogy mi a fentieknek az elegáns megoldása 3.9 alatt?
>>  (Tekintettel arra, hogy már minden proxy támogat SSL-t)
>>  A fenti megoldás már nem működik 3.9-en.
>
> be tudnad dobni a proxy class-t is?
 Persze:

 ###########################
 class PublicHttpProxyBase(HttpProxy):
     """Base policy for the public-facing HTTP proxies in this configuration.

     GET, POST and HEAD get a request policy entry handled by filterURL.
     On the response side 401 is accepted as-is, while the '4' and '5'
     entries are handed to filterError, which sets a generic 404 error and
     denies the response.
     """

     def config(self):
         """Install the request/response policy tables and proxy options."""
         HttpProxy.config(self)

         # One handler for every method listed here; methods that are not
         # listed keep whatever HttpProxy.config() set up for them.
         for verb in ('GET', 'POST', 'HEAD'):
             self.request[verb] = (HTTP_REQ_POLICY, self.filterURL)

         # 401 gets its own accept entry ahead of the broader '4' entry,
         # presumably so authentication challenges still reach the client.
         # The bare constant is stored (not a one-element tuple) -- confirm
         # the policy tables accept that form.
         self.response['*', '401'] = HTTP_RSP_ACCEPT
         # NOTE(review): '4' and '5' look like status-code prefixes
         # (4xx / 5xx) -- confirm against the HttpProxy documentation.
         for code_prefix in ('4', '5'):
             self.response['*', code_prefix] = (HTTP_RSP_POLICY, self.filterError)

         # Drop the headers that advertise the backend software and version.
         for header in ('Server', 'X-Powered-By', 'X-AspNet-Version'):
             self.response_headers[header] = HTTP_HDR_DROP

         # NOTE(review): presumably suppresses the proxy's own verbose error
         # pages -- confirm.
         self.error_silent = TRUE

         self.transparent_mode = TRUE
         self.permit_proxy_requests = FALSE

     def filterURL(self, method, url, version):
         """Log the request method and URL, then accept the request.

         NOTE(review): the whole URL is written to the log, so credentials or
         session tokens carried in a query string end up there as well; the
         log files need to be protected accordingly.
         """
         entry = "%s: %s" % (method, url)
         log('http.info', 3, entry)
         return HTTP_REQ_ACCEPT

     def filterError(self, method, url, version, response):
         """Set a generic 404 'not found' error and deny the response."""
         self.error_msg = 'not found'
         self.error_status = 404
         return HTTP_RSP_DENY

 ###########################
 class HttpPublicDirector(PublicHttpProxyBase):
     """Pick the backend server from the host part of the request URL.

     Only the hosts listed in filterURL are served; a request for any other
     host is logged and aborted.
     """

     def config(self):
         """Reuse the base class configuration unchanged."""
         PublicHttpProxyBase.config(self)

     def filterURL(self, method, url, version):
         """Route the request to its backend, or abort it for an unknown host.

         The host value comes from the client's request, so this exact-match
         table is what limits which internal addresses can be reached through
         the proxy.  The comparison is case-sensitive: a host spelled with
         different letter case falls through to the abort branch.
         """
         # NOTE(review): every backend is addressed on port 80, so the hop
         # behind the proxy is presumably plain HTTP -- confirm that network
         # segment is trusted.
         backends = {
             'a.xyz.hu': ('192.168.168.100', 80),
             'b.xyz.hu': ('192.168.168.25', 80),
             'c.xyz.hu': ('192.168.169.10', 80),
             '192.168.169.10': ('192.168.169.10', 80),
         }

         target = backends.get(self.request_url_host)
         if target is None:
             # Default deny: unknown hosts never get a server address set.
             log('http.info', 3,
                 "Public http access denied: %s: %s" % (method, url))
             return HTTP_REQ_ABORT

         address, port = target
         self.session.setServer(SockAddrInet(address, port))

         log('http.info', 3, "%s: %s" % (method, url))
         return HTTP_REQ_ACCEPT

     def __destroy__(self):
         """Log per-session accounting data, then run the parent's teardown."""
         # NOTE(review): this call passes the session id and CORE_DEBUG ahead
         # of the verbosity, while the log() calls in filterURL start with the
         # 'http.info' tag -- confirm both forms match log()'s signature in
         # the Zorp version in use.
         session = self.session
         stream = session.client_stream
         log(session.session_id, CORE_DEBUG, 3,
             "Accounting data: client_address='%s', server_address='%s', "
             "client_stream_recvd='%s', client_stream_sent='%s'",
             (session.client_address, session.server_address,
              stream.bytes_recvd, stream.bytes_sent))
         PublicHttpProxyBase.__destroy__(self)

 ###########################
 class HttpsPublicWildcardXyz(PsslProxy):
     """PsslProxy configured with the wildcard certificate and key files.

     Per the post, this class is the outer proxy of the Service and the HTTP
     director is stacked behind it through SideStackChainer; the setup worked
     on Zorp 3.3 and no longer works on 3.9.
     """

     def config(self):
         """Apply the PsslProxy defaults, then point at the cert/key pair."""
         PsslProxy.config(self)

         # NOTE(review): presumably the certificate and key presented on the
         # client-facing side -- confirm against the PsslProxy documentation.
         # The key file holds the private key of a wildcard certificate, so
         # its permissions should restrict reading to the account Zorp runs as.
         self.client_key_file = "/etc/zorp/certs/wildcard.xyz.hu-key.pem"
         self.client_cert_file = "/etc/zorp/certs/wildcard.xyz.hu-cert.pem"

