No subject
Mon Jun 16 21:29:23 CEST 2008
below). Do you know a possibility how to move it up so that it's called before
"Filtering request and headers;"? Or can I alternatively perform my own
changes in the "Request postfilter header;"-section (meaning: moving the
"Filtering request and headers;" section down)?
Is there also a possibility to activate it for GET and empty requests (in fact,
if I tamper a POST so that it contains no payload it's also not handed over)?
I think I need to remove some checks in the C-code to achieve this, correct?
I actually need the above for the following scenario:
1. The whole request is handed over to an external program no matter what
it contains. (I first tried it with an AnyPy in front but I couldn't stack http on
it...)
2. The external program decides what needs to be changed (headers and data) and
logs the whole requests.
3. I've already managed to include some code in http.c so that a python-function is
called just before headers are modified through Zorp. Based on the result of the
external program I know how to change the headers (not in the config-function
like normally where I have no information about the request). The link
between the external program and the python function is done by asking for an
ID in a database which returns the changes to be made.
This also makes it possible to filter headers which are unknown before the request
arrives. It's not really a performance solution but the normal rules are a little bit
too static for me and security is considered higher than performance for me...
I surely could do that by running some kind of tcpdump but this doesn't work with
SSL and it's difficult to synchronize (Zorp could have already sent before the changes
are calculated!).
Thomas Wenz
http.debug(6): (svc/HTTP_instance:0/http): processing request and headers;
http.debug(6): (svc/HTTP_instance:0/http): Filtering request and headers;
http.debug(6): (svc/HTTP_instance:0/http): Reprocessing filtered request;
http.accounting(4): (svc/HTTP_instance:0/http): Accounting; command='POST', url='http://10.1.1.9/test.php'
http.debug(6): (svc/HTTP_instance:0/http): Sending request and headers, copying request data;
core.debug(6): (svc/HTTP_instance:0/http): Attribute fetched; attribute='server_local_tos', value='0'
core.debug(7): (svc/HTTP_instance:0/http): Connecting to remote host; protocol='1', local='AF_INET(10.1.1.1:4345)', remote='AF_INET(10.1.1.9:80)'
core.debug(7): (svc/HTTP_instance:0/http): Initiating connection; from='AF_INET(10.1.1.1:4345)', to='AF_INET(10.1.1.9:80)'
core.debug(6): (svc/HTTP_instance:0/http): Established connection; protocol='1', remote='AF_INET(10.1.1.9:80)', local='AF_INET(10.1.1.1:4345)', dest='AF_INET(10.1.1.9:80)'
core.session(3): (svc/HTTP_instance:0/http): Server connection established; server_fd='18', server_address='AF_INET(10.1.1.9:80)', server_zone='Zone(attack, 10.1.1.0/24)', server_local='AF_INET(10.1.1.1:4345)', server_protocol='TCP'
core.debug(6): (svc/HTTP_instance:0/http): Attribute fetched; attribute='request_method', value=''POST''
core.debug(6): (svc/HTTP_instance:0/http): Stacking program; client='19:20', server='21:22', control='23:24', program='/bin/echo'
core.debug(6): (svc/HTTP_instance:0/http/client_downstream): Shutdown channel; fd='19', mode='0'
core.debug(6): (svc/HTTP_instance:0/http/server_downstream): Shutdown channel; fd='21', mode='1'
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0000', eof_mask='0000'
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0000', eof_mask='0000'
core.dump(7): (svc/HTTP_instance:0/http/client): Reading stream; stream='ZStreamLine', count='12'
core.dump(9): (svc/HTTP_instance:0/http/client): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67 test=ddfgdfg
core.dump(7): (svc/HTTP_instance:0/http/client): Reading stream; stream='ZStreamLine', count='12'
core.dump(9): (svc/HTTP_instance:0/http/client): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67 test=ddfgdfg
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0000', eof_mask='0400'
core.dump(7): (svc/HTTP_instance:0/http/client_downstream): Writing stream; stream='ZStreamFD', count='12'
core.dump(9): (svc/HTTP_instance:0/http/client_downstream): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67 test=ddfgdfg
core.debug(6): (svc/HTTP_instance:0/http/client_downstream): Shutdown channel; fd='19', mode='1'
core.debug(7): (svc/HTTP_instance:0/http): Eofmask is updated; old_mask='0400', eof_mask='0500'
core.dump(7): (svc/HTTP_instance:0/http/server_downstream): Reading stream; stream='ZStreamFD', count='12'
core.dump(9): (svc/HTTP_instance:0/http/server_downstream): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67 test=ddfgdfg
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Host', value='10.1.1.9'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='User-Agent', value='Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept', value='text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept-Language', value='de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept-Encoding', value='gzip,deflate'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Accept-Charset', value='ISO-8859-1,utf-8;q=0.7,*;q=0.7'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Keep-Alive', value='300'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Connection', value='keep-alive'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Referer', value='http://10.1.1.9/test.php'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Content-Type', value='application/x-www-form-urlencoded'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Transfer-Encoding', value='chunked'
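
Added example, not part of the original message: a small Python parser for the log format shown above, run over lines copied from that log, that reports where the program is stacked relative to the "Filtering request and headers" and "Request postfilter header" events. The function names are this example's own.

```python
import re

# Lines copied from the debug log in the message above (a shortened selection).
SAMPLE = """\
http.debug(6): (svc/HTTP_instance:0/http): processing request and headers;
http.debug(6): (svc/HTTP_instance:0/http): Filtering request and headers;
http.accounting(4): (svc/HTTP_instance:0/http): Accounting; command='POST', url='http://10.1.1.9/test.php'
core.debug(6): (svc/HTTP_instance:0/http): Stacking program; client='19:20', server='21:22', control='23:24', program='/bin/echo'
core.dump(9): (svc/HTTP_instance:0/http/client): data line 0x0000: 74 65 73 74 3D 64 64 66 67 64 66 67 test=ddfgdfg
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Host', value='10.1.1.9'
http.request(7): (svc/HTTP_instance:0/http): Request postfilter header; hdr='Transfer-Encoding', value='chunked'
"""

# tag(level): (session): message; key='value', key='value'
LINE_RE = re.compile(
    r"^(?P<tag>[\w.]+)\((?P<level>\d+)\): \((?P<session>[^)]*)\): (?P<rest>.*)$")
# A value ends at the quote followed by ", key=" or end of line, so values that
# themselves contain quotes (value=''POST'') or semicolons are kept whole.
KV_RE = re.compile(r"(\w+)='(.*?)'(?=, \w+=|$)")

def parse_line(line):
    """Split one log line into tag, level, session, message and parameters."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    message, _, params = m.group("rest").partition(";")
    return {"tag": m.group("tag"), "level": int(m.group("level")),
            "session": m.group("session"), "message": message.strip(),
            "params": dict(KV_RE.findall(params.strip()))}

def first_index(events, message):
    """Position of the first event with this message, or -1 if absent."""
    for i, event in enumerate(events):
        if event["message"] == message:
            return i
    return -1

def phase_order(text):
    """Parse a log excerpt and locate the three events the question is about."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    names = ("Filtering request and headers", "Stacking program",
             "Request postfilter header")
    return events, {name: first_index(events, name) for name in names}

if __name__ == "__main__":
    for name, index in phase_order(SAMPLE)[1].items():
        print(index, name)
```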