No subject


Mon Jun 16 21:29:23 CEST 2008


below). Do you know a possibility how to move it up so that it's called before
"Filtering request and headers;"? Or can I alternatively perform my own 
changes in the "Request postfilter header;"-section (meaning: moving the
"Filtering request and headers;" section down)?
Is there also a possibility to activate it for GET and empty requests (in fact, 
if I tamper a POST so that it contains no payload it's also not handed over)? 
I think I need to remove some checks in the C-code to achieve this, correct?

I actually need the above for the following scenario:
1. The whole request is handed over to an external program no matter what 
    it contains. (I first tried it with an AnyPy in front but I couldn't stack http on 
    it...)
2. The external program decides what needs to be changed (headers and data) and
    logs the whole request.
3. I've already managed to include some code in http.c so that a python-function is
    called just before headers are modified through Zorp. Based on the result of the 
    external program I know how to change the headers (not in the config-function 
    like normally where I have no information about the request). The link 
    between the external program and the python function is done by asking for an 
    ID in a database which returns the changes to be made.
This also makes it possible to filter headers which are unknown before the request
arrives. It's not really a performance solution but the normal rules are a little bit
too static for me and security is considered higher than performance for me...

I surely could do that by running some kind of tcpdump but this doesn't work with 
SSL and it's difficult to synchronize (Zorp could have already sent before the changes
are calculated!).

Thomas Wenz


http.debug(6): (svc/HTTP_instance:0/http): processing request and headers; 
http.debug(6): (svc/HTTP_instance:0/http): Filtering request and headers; 
http.debug(6): (svc/HTTP_instance:0/http): Reprocessing filtered request; 
http.accounting(4): (svc/HTTP_instance:0/http): Accounting; command='POST', url='http://10.1.1.9/test.php' 
http.debug(6): (svc/HTTP_instance:0/http): Sending request and headers, copying request data; 
core.debug(6): (svc/HTTP_instance:0/http): Attribute fetched; attribute='server_local_tos', value='0' 
core.debug(7): (svc/HTTP_instance:0/http): Connecting to remote host; protocol='1', local='AF_INET(10.1.1.1:4345)', remote='AF_INET(10.1.1.9:80)' 
core.debug(7): (svc/HTTP_instance:0/http): Initiating connection; from='AF_INET(10.1.1.1:4345)', to='AF_INET(10.1.1.9:80)' 
core.debug(6): (svc/HTTP_instance:0/http): Established connection; protocol='1', remote='AF_INET(10.1.1.9:80)', local='AF_INET(10.1.1.1:4345)', dest='AF_INET(10.1.1.9:80)' 
core.session(3): (svc/HTTP_instance:0/http): Server connection established; server_fd='18', server_address='AF_INET(10.1.1.9:80)', server_zone='Zone(attack, 10.1.1.0/24)', server_local='AF_INET(10.1.1.1:4345)', server_protocol='TCP' 
core.debug(6): (svc/HTTP_instance:0/http): Attribute fetched; attribute='request_method', value=''POST'' 
core.debug(6): (svc/HTTP_instance:0/http): Stacking program; client='19:20', server='21:22', control='23:24', program='/bin/echo' 
core.debug(6): (svc/HTTP_instance:0/http/client_downstream): Shutdown channel; fd='19', mode='0' 
core.debug(6): (svc/HTTP_instance:0/http/server_downstream): Shutdown channel; fd='21', mode='1' 
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0000', eof_mask='0000' 
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0000', eof_mask='0000' 
core.dump(7): (svc/HTTP_instance:0/http/client): Reading stream; stream='ZStreamLine', count='12' 
core.dump(9): (svc/HTTP_instance:0/http/client): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67              test=ddfgdfg 
core.dump(7): (svc/HTTP_instance:0/http/client): Reading stream; stream='ZStreamLine', count='12' 
core.dump(9): (svc/HTTP_instance:0/http/client): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67              test=ddfgdfg 
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0000', eof_mask='0400' 
core.dump(7): (svc/HTTP_instance:0/http/client_downstream): Writing stream; stream='ZStreamFD', count='12' 
core.dump(9): (svc/HTTP_instance:0/http/client_downstream): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67              test=ddfgdfg 
core.debug(6): (svc/HTTP_instance:0/http/client_downstream): Shutdown channel; fd='19', mode='1' 
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0400', eof_mask='0500' 
core.dump(7): (svc/HTTP_instance:0/http/server_downstream): Reading stream; stream='ZStreamFD', count='12' 
core.dump(9): (svc/HTTP_instance:0/http/server_downstream): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67              test=ddfgdfg 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Host', value='10.1.1.9' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='User-Agent', value='Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept', value='text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept-Language', value='de-de,de;q=0.8,en-us;q=0.5,en;q=0.3' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept-Encoding', value='gzip,deflate' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept-Charset', value='ISO-8859-1,utf-8;q=0.7,*;q=0.7' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Keep-Alive', value='300' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Connection', value='keep-alive' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Referer', value='http://10.1.1.9/test.php' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Content-Type', value='application/x-www-form-urlencoded' 
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Transfer-Encoding', value='chunked' 
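
The stage ordering this message asks about can be checked mechanically from such a log. The following is an added example, not part of the original message or of Zorp: a parser for the log line format shown above that reports whether one stage message was logged before another for a given session. The function names are hypothetical, and the sample is a constructed excerpt of five lines taken from the log above.

```python
import re

# Constructed sample: five lines excerpted from the log in the message above.
SAMPLE_LOG = """\
http.debug(6): (svc/HTTP_instance:0/http): Filtering request and headers;
http.debug(6): (svc/HTTP_instance:0/http): Reprocessing filtered request;
core.debug(6): (svc/HTTP_instance:0/http): Stacking program; client='19:20', server='21:22', control='23:24', program='/bin/echo'
core.dump(7): (svc/HTTP_instance:0/http/client): Reading stream; stream='ZStreamLine', count='12'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Host', value='10.1.1.9'
"""

# tag(level): (session): message; key='value', key='value'
LINE_RE = re.compile(
    r"^(?P<tag>[\w.]+)\((?P<level>\d+)\): \((?P<session>[^)]*)\): "
    r"(?P<msg>[^;]*);\s*(?P<rest>.*)$"
)
# A value ends at a quote followed by ", key=" or end of line, so values may
# themselves contain quotes or commas (e.g. value=''POST'').
PAIR_RE = re.compile(r"(\w+)='(.*?)'(?=, \w+=|\s*$)")


def parse_line(line):
    """Split one log line into tag, level, session, message and attributes."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["level"] = int(rec["level"])
    rec["attrs"] = dict(PAIR_RE.findall(rec.pop("rest")))
    return rec


def stage_order(log_text, session="svc/HTTP_instance:0/http"):
    """Return the distinct messages of one session in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["session"] == session and rec["msg"] not in seen:
            seen.append(rec["msg"])
    return seen


def runs_before(log_text, first, second):
    """True if `first` was logged before `second` in the proxy session."""
    order = stage_order(log_text)
    return first in order and second in order and order.index(first) < order.index(second)


if __name__ == "__main__":
    for stage in stage_order(SAMPLE_LOG):
        print(stage)
```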

