This module defines the interface to the Http proxy as implemented by the Http module.
from Plug import PlugProxy
from Proxy import Proxy
Module defining classes encapsulating native proxies.
from Session import StackedSession
Module defining session related classes and functions.
from Zorp import *
Module defining global constants, and interface entry points to the Zorp core.
HttpProxy is a wrapper class for the built-in Http proxy implemented in Zorp. It features both transparent and non-transparent modes of operation, advanced filtering and more.
This section contains the basic usage patterns that you, as an administrator, may need.
The default handling of requests can be changed using the hash named "request". This hash is indexed by the method name (e.g. GET or POST), and each item in it is a tuple. The first item of the tuple is an integer value that determines the action to take on the request, and also how the remaining items in the tuple are interpreted.
All requests are denied by default in the low level proxy implementation. The most common methods (GET, POST and HEAD) are enabled from Python code.
Possible values for the first item:
Example 4-4. Sample for URL filtering in HTTP proxy
    class DmzHTTP(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            # send every GET request to the Python policy callback
            self.request["GET"] = (HTTP_POLICY, self.filterURL)

        def filterURL(self, method, url, version):
            # exact string comparison: only this URL is accepted
            if url == "http://www.balabit.hu":
                return Z_ACCEPT
            return Z_DENY
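An added example (not part of the Zorp documentation or code base): Example 4-4 compares the whole URL string, so the same site requested with a trailing slash, a path or an explicit port is denied. This stand-alone Python 3 function parses the URL instead and matches scheme, host and port against an allowlist, denying anything it cannot parse. The names url_allowed, decide and ALLOWED_ORIGINS are hypothetical, the "Z_ACCEPT"/"Z_DENY" strings stand in for the Zorp constants, and it assumes the callback receives an absolute URL as in Example 4-4.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: (scheme, host, port) triples.
ALLOWED_ORIGINS = {("http", "www.balabit.hu", 80)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def url_allowed(url, allowed=ALLOWED_ORIGINS):
    """Return True only if the URL's scheme, host and port are allowlisted."""
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return False                   # unparsable URL: default deny
    scheme = parts.scheme.lower()
    # .hostname is already lower-cased; drop the trailing dot of an FQDN
    host = (parts.hostname or "").rstrip(".")
    if not host or scheme not in DEFAULT_PORTS:
        return False
    # Credentials in the authority part ("http://user@host/") can disguise
    # the real destination, so URLs carrying them are refused outright.
    if parts.username is not None or parts.password is not None:
        return False
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, host, port) in allowed


def decide(url, accept="Z_ACCEPT", deny="Z_DENY"):
    """Map the check to a verdict. In a policy file, pass the Zorp constants
    instead of these placeholder strings (assumption: same callback contract
    as filterURL in Example 4-4)."""
    return accept if url_allowed(url) else deny
```
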
Both request headers and response headers can be modified in transit. New header lines can be inserted, and existing entries can be modified or deleted. To change headers in the request, use the request_headers hash; for response headers, use the response_headers hash.
Similarly to the request hash, these hashes contain a variable-length tuple, where the first item determines the interpretation of the remaining items. The hash index is the name of the header to be modified.
Headers are not touched by default, except the "Host:", "Connection:" and "Proxy-Connection:" headers. However, the way these are modified can be changed here.
Possible values for the first item:
Example 4-5. Sample for header filtering in HTTP
    class MyHttp(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            self.request_headers["User-Agent"] = (HTTP_CHANGE_VALUE, "Lynx 2.4.1")
            self.request_headers["Cookie"] = (HTTP_POLICY, self.processCookies)
            self.response_headers["Set-Cookie"] = (HTTP_DROP,)

        def processCookies(self, name, value):
            log("http.message", 7, "cookie: value=%s" % value)
            # you could change the current header in self.current_header_name
            # or self.current_header_value, the current request url
            # in self.request_url
            return Z_DROP
Example 4-6. Sample for URL redirection in HTTP
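    class MyHttp(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            self.request["GET"] = (HTTP_POLICY, self.filterURL)

        def filterURL(self, method, url, version):
            # rewrite the target of the current request
            self.request_url = "http://www.balabit.hu/"
            # accept the request so that the rewritten URL is fetched
            return Z_ACCEPT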
Example 4-7. Sample for using parent proxies in HTTP
    class MyHttp(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            self.parent_proxy = "proxy.balabit.hu"
            self.parent_proxy_port = 3128
Table 4-52. Attributes for class HttpProxy
transparent_mode | (logical) TRUE for transparent proxy, FALSE otherwise (default: TRUE) |
transparent_server_requests | (logical) allow server requests in transparent mode (default: TRUE) |
transparent_proxy_requests | (logical) allow proxy requests in transparent mode (default: FALSE) |
connection_mode | HTTP_CONNECTION_CLOSE or HTTP_CONNECTION_KEEPALIVE can be used to forcibly close a keepalive connection. |
parent_proxy | (string) address or hostname of the parent proxy to connect to. You have to use DirectedChainer or InbandChainer for this option to take effect. |
parent_proxy_port | (integer) the port of the parent proxy to connect to. (default: 3128) |
default_port | (integer) if the port number is not specified in the URL use this port. (default: 80) |
rewrite_host_header | (logical) rewrite Host header when redirecting an url (default: TRUE) |
max_line_length | (integer) maximum length of non-transfer mode lines (default: 4096) |
max_header_lines | (integer) maximum number of header lines in requests or responses (default: 50) |
max_keepalive_requests | (integer) maximum number of requests in a single session |
timeout | (integer) I/O timeout in milliseconds (default: 30000) |
request | (hash) normative policy hash, directing the proxy to do something with requests, without the need to call Python. indexed by the method (e.g. "GET", "PUT" etc) (default: empty) See below for more information. |
request_headers | (hash) normative policy hash, directing the proxy to do something with request headers (drop, insert, rewrite etc) It is indexed by the header name (e.g. "Set-cookie") (default: empty) See below for more information. |
response | (hash) normative policy hash directing the proxy to do something with responses. FIXME: not yet used |
response_headers | (hash) similar to request_headers for response headers. |
request_url | (string) request url string, can be changed to redirect the current request. |
current_header_name | (string) defined during header processing functions, and can be changed to actually change a header in the request or response. |
current_header_value | (string) similar to current_header_name but contains the header value |
error_response | (integer) if the request is denied use this HTTP response code (default: 500) |
error_info | (string) a string included in error message. |
Initializes a HttpProxy instance.
__init__ ( self, session ) |
Creates and initializes a HttpProxy instance.
Table 4-53. Arguments for HttpProxy.__init__()
self | this instance |
session | the session this instance participates in |
Default config event handler.
config ( self ) |
Enables the most common HTTP methods so we have a useful default configuration.
Table 4-54. Arguments for HttpProxy.config()
self | this instance |
This class encapsulates a non-transparent HTTP proxy using the features provided by HttpProxy.
Config event handler
config ( self ) |
Sets self.transparent_mode to FALSE to indicate non-transparent mode.
Table 4-55. Arguments for HttpProxyNonTransparent.config()
self | this instance |