[zorp] Rewriting URLs *and* changing destination ports for reverse proxy
David Yerger
dyerger at stcservices.com
Thu Mar 15 22:52:33 CET 2012
Almost there, my only problem now is that once I set the destination
port with setServer, I can't subsequently change to a different
destination port once the session starts, which my application needs
unfortunately because it expects the reverse proxy to be able to
demultiplex the destination ports based on the URL.
Any way to get around this? Some way to force creation of a new
session?
I have now in policy.py:
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Plug import *
from Zorp.Pssl import *
import re
# Zone declarations for the reverse proxy policy.
# NOTE(review): read here with outbound_services as the services that may be
# started from a zone and inbound_services as the services that may enter it;
# confirm against the Zorp reference for the version in use.

# Internal address range: no outbound services, four inbound service names.
# NOTE(review): "CommunicatorHttpProxy" is the name of a proxy class in this
# policy, not of a Service() visible in this file -- confirm it belongs in
# these lists at all.
InetZone(
    name="intra",
    addr="10.0.0.0/16",
    outbound_services=[],
    inbound_services=[
        "INhttp",
        "INhttps",
        "INcommunicator",
        "CommunicatorHttpProxy",
    ],
)

# Loopback: every service may enter, none may be started from it.
InetZone(
    name="local",
    addr="127.0.0.0/8",
    inbound_services=["*"],
    outbound_services=[],
)

# Catch-all zone (0.0.0.0/0): the mirror image of "intra" -- nothing may
# enter it, and the four listed services may be started from it.
InetZone(
    name="inter",
    addr="0.0.0.0/0",
    inbound_services=[],
    outbound_services=[
        "INhttp",
        "INhttps",
        "INcommunicator",
        "CommunicatorHttpProxy",
    ],
)

# Single host 10.0.7.90, administratively under "intra"; this is the address
# the Service() router and most setServer() calls in this policy point at.
# NOTE(review): "*" in both directions is broader than the one service this
# file defines (INcommunicator); listing only the services this host really
# needs would keep the zone to least privilege -- confirm nothing else relies
# on the wildcard before narrowing it.
InetZone(
    name="hq",
    addr=["10.0.7.90/32", ],
    inbound_services=["*"],
    outbound_services=["*"],
    admin_parent="intra",
)
def Zcommunicator():
    """Register the INcommunicator service and bind its listener.

    The service runs the INcommunicator proxy class with
    CommunicatorHttpProxy side-stacked through SideStackChainer, and is
    reachable on port 5500 of the outside address.
    """
    stacked_http = SideStackChainer(CommunicatorHttpProxy)
    # 10.0.7.90:80 is only the default destination: the stacked
    # CommunicatorHttpProxy.filterURL calls session.setServer() to override
    # the address and port chosen by this router.
    default_route = DirectedRouter(SockAddrInet("10.0.7.90", 80))
    Service(
        "INcommunicator",
        INcommunicator,
        chainer=stacked_http,
        router=default_route,
    )

    Listener(SockAddrInet("<outside IP>", 5500), "INcommunicator")
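class CommunicatorHttpProxy(HttpProxy):
    """Rewrite request URLs and choose a backend for each GET/POST.

    Both methods are routed to :meth:`filterURL` through HTTP_REQ_POLICY.
    The URL is supplied by the client, so every decision taken here is a
    decision on untrusted input.
    """

    def config(self):
        """Install filterURL as the policy callback for GET and POST."""
        HttpProxy.config(self)
        self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)
        self.request["POST"] = (HTTP_REQ_POLICY, self.filterURL)

    def filterURL(self, method, url, version):
        """Rewrite the request URL, pick the destination, accept the request.

        Args:
            method: request method (not inspected here).
            url: request URL as received from the client.
            version: protocol version (not inspected here).

        Returns:
            HTTP_REQ_ACCEPT in every case; this callback never rejects.
        """
        # Ordered (marker, replacement) pairs; the first marker found in the
        # URL wins and the rest are not tried.
        rewrites = (
            ("/theme/", "/director2/theme/"),
            ("/yui_2.7.0/", "/director2/yui_2.7.0/"),
            ("/js/", "/director2/js/"),
            ("/authenticate/", "/"),
            ("/cas/", "/"),
            ("/fubar/", "/cgi-bin/"),
        )

        url2 = url
        matched = None
        for marker, replacement in rewrites:
            # Markers are literal text, so a plain substring test is used;
            # the earlier regex search let the dots in "yui_2.7.0" match any
            # character.
            if marker in url:
                # The rewrite only applies to absolute http(s) URLs: the
                # "auth" group must match for anything to be substituted.
                # Raw strings keep "\g<auth>" from being read as a string
                # escape; re.escape keeps the marker literal in the pattern.
                url2 = re.sub(r'(?P<auth>https?://.*)' + re.escape(marker),
                              r'\g<auth>' + replacement, url)
                matched = marker
                break

        if matched == "/cas/":
            log("communicator_http.info", 3,
                "%s: Access to cas: %s" % (self.session.session_id, url))

        self.request_url = url2

        # NOTE(review): the markers above and the tests below are substring
        # checks over the whole URL, host and query string included, so text
        # outside the path can influence both the rewrite and the backend
        # that is selected. Matching against the parsed path only (ideally
        # anchored at its start) would tie the choice to the resource that
        # is actually requested -- confirm the URL form Zorp passes in
        # before changing this.
        # NOTE(review): the author of this policy reports that a setServer()
        # call made after the session has started does not change the
        # destination, so on a reused connection later requests may still go
        # to the backend chosen for the first one -- verify against the Zorp
        # documentation.
        if "director2" in url2:
            self.session.setServer(SockAddrInet("10.0.7.90", 5449))
        elif "/cas/" in url:
            # Tested on the original URL: the rewrite above has already
            # removed "/cas/" from url2.
            self.session.setServer(SockAddrInet("10.0.7.90", 5447))
            log("communicator_http.info", 3,
                "%s: redirecting to port 5447: %s"
                % (self.session.session_id, url))
        elif "cgi-bin" in url2:
            self.session.setServer(SockAddrInet("10.0.0.60", 8000))
        else:
            self.session.setServer(SockAddrInet("10.0.7.90", 80))

        log("communicator_http.info", 3,
            "%s: GET or POST: %s" % (self.session.session_id, url2))
        return HTTP_REQ_ACCEPT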
class INcommunicator(PsslProxy):
    """PsslProxy front end for the INcommunicator service.

    Presumably terminates SSL towards the client and talks to the backend
    without it (server_need_ssl is FALSE) -- confirm against the PsslProxy
    reference.
    """

    def config(self):
        """Set the client-side certificate material and SSL requirements."""
        PsslProxy.config(self)

        # Certificate and private key used on the client-facing side.
        # The key file should be readable by the Zorp process only.
        self.client_key_file = "/etc/zorp/certs/private/foo.key"
        self.client_cert_file = "/etc/zorp/certs/foo.crt"
        self.client_ca_directory = "/etc/zorp/certs"

        # No verification on the client side.
        # NOTE(review): presumably this means client certificates are not
        # checked, so access control rests entirely on the backends.
        self.client_verify_type = SSL_VERIFY_NONE

        # NOTE(review): with SSL off on the server side, requests -- the
        # /cas/ and /authenticate/ traffic included -- presumably cross the
        # internal network in cleartext; confirm that segment is trusted.
        self.server_need_ssl = FALSE

        # The HTTP proxy is stacked by SideStackChainer in the Service()
        # definition rather than here.
        #self.stack_proxy = CommunicatorHttpProxy
Thanks in advance
Dave