Module Http

This module defines the interface to the Http proxy as implemented by the Http module.

Imported modules

Class HttpProxy

HttpProxy is a wrapper class for the built in Http proxy implemented in Zorp. It features both transparent and non-transparent modes of operation, advanced filtering and more.

Usage

This section contains basic usage patterns, you as an administrator may need to do.

Setting policy for requests

Changing the default behaviour of requests can be done using the hash named "request". This hash is indexed by the method name (e.g: GET or POST), and each item in this hash is a tuple, whose first item is an integer value, determining the action to be done with the request, and also the interpretation of the remaining items in the tuple.

All requests are denied by default in the low level proxy implementation. The most common methods (GET, POST and HEAD) are enabled from Python code.

Possible values for the first item:

Example 4-4. Sample for URL filtering in HTTP proxy

                class DmzHTTP(HttpProxy):

                  def config(self):
                    HttpProxy.config(self)
                    self.request["GET"] = (HTTP_POLICY, self.filterURL)

                  def self.filterURL(self, method, url, version):
                    if (url == "http://www.balabit.hu")
                      return Z_ACCEPT
                    return Z_DENY

Changing headers in requests or responses

Both request headers and response headers can be modified during transit. New header lines can be inserted, entries can be modified or deleted. To change headers in the request use the request_headers hash, for response headers you need the response_headers hash.

Similarly to the request hash, these hashes contain a variable-length tuple, where the first item determines the interpretation of the remaining items. The hash index is the name of the header to be modified.

Headers are not touched by default, except the "Host:", "Connection:" and "Proxy-Connection" headers. However the way these are modified can be changed here.

Possible values for the first item:

Example 4-5. Sample for header filtering in HTTP

                class MyHttp(HttpProxy):

                  def config(self):
                    HttpProxy.config(self)
                    self.request_headers["User-Agent"] = (HTTP_CHANGE_VALUE, "Lynx 2.4.1")
                    self.request_headers["Cookie"] = (HTTP_POLICY, self.processCookies)
                    self.response_headers["Set-Cookie"] = (HTTP_DROP,)

                  def processCookies(self, name, value):
                    log("http.message", 7, "cookie: value=%s" % value,)
                    # you could change the current header in self.current_header_name
                    # or self.current_header_value, the current request url
                    # in self.request_url
                    return Z_DROP

Redirecting urls

Example 4-6. Sample for URL redirection in HTTP

              class MyHttp(HttpProxy):

                def config(self):
                  HttpProxy.config(self)
                  self.request["GET"] = (HTTP_POLICY, self.filterURL)

                def filterURL(self, method, url, version):
                  self.request_url = "http://www.balabit.hu/"

Using parent proxies

Example 4-7. Sample for using parent proxies in HTTP

              class MyHttp(HttpProxy):

                def config(self):
                  HttpProxy.config(self)
                  self.parent_proxy = "proxy.balabit.hu"
                  self.parent_proxy_port = 3128

Attributes

Table 4-52. Attributes for class HttpProxy

transparent_mode (logical) TRUE for transparent proxy, FALSE otherwise (default: TRUE)
transparent_server_requests(logical) allow server requests in transparent mode (default: TRUE)
transparent_proxy_requests (logical) allow proxy requests in transparent mode (default: FALSE)
connection_mode HTTP_CONNECTION_CLOSE or HTTP_CONNECTION_KEEPALIVE can be used to forcibly close a keepalive connection.
parent_proxy (string) address or hostname of the parent proxy to connect to. You have to use DirectedChainer or InbandChainer for this option to take effect.
parent_proxy_port (integer) the port of the parent proxy to connect to. (default: 3128)
default_port (integer) if the port number is not specified in the URL use this port. (default: 80)
rewrite_host_header (logical) rewrite Host header when redirecting an url (default: TRUE)
max_line_length (integer) maximum length of non-transfer mode lines (default: 4096)
max_header_lines (integer) maximum number of header lines in requests or responses (default: 50)
max_keepalive_requests (integer) maximum number of requests in a single session
timeout (integer) I/O timeout in milliseconds (default: 30000)
request (hash) normative policy hash, directing the proxy to do something with requests, without the need to call Python. indexed by the method (e.g. "GET", "PUT" etc) (default: empty) See below for more information.
request_headers (hash) normative policy hash, directing the proxy to do something with request headers (drop, insert, rewrite etc) It is indexed by the header name (e.g. "Set-cookie") (default: empty) See below for more information.
response (hash) normative policy hash directing the proxy to do something with responses. FIXME: not yet used
response_headers (hash) similar to request_headers for response headers.
request_url (string) request url string, can be changed to redirect the current request.
current_header_name (string) defined during header processing functions, and can be changed to actually change a header in the request or response.
current_header_value (string) similar to current_header_name but contains the header value
error_response (integer) if the request is denied use this HTTP response code (default: 500)
error_info (string) a string included in error message.

Constructor __init__

Initializes a HttpProxy instance.

Synopsis

__init__ ( self,  session )

Description

Creates and initializes a HttpProxy instance.

Arguments

Table 4-53. Arguments for HttpProxy.__init__()

selfthis instance
sessionthe session this instance participates in

Method config

Default config event handler.

Synopsis

config ( self )

Description

Enables the most common HTTP methods so we have a useful default configuration.

Arguments

Table 4-54. Arguments for HttpProxy.config()

selfthis instance

Class HttpProxyNonTransparent

This class encapsulates a non-transparent HTTP proxy using the features provided by HttpProxy.

Method config

Config event handler

Synopsis

config ( self )

Description

Sets self.transparent_mode to FALSE to indicate non-transparent mode.

Arguments

Table 4-55. Arguments for HttpProxyNonTransparent.config()

selfthis instance