Article delegate-en/2547 of [1-5169] on the server localhost:119
[Reference:<_A2546@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: filtering HTTP request message by CFI/CGI (Re: Still problems with POST and SSL-Tunnel)
14 Feb 2004 08:20:10 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

On 02/14/04(04:34) you feedback@delegate.. (Yutaka Sato) wrote
in <_A2546@delegate-en.ML_>
 |I've come to see what you are doing :).
 |You are using a pair of DeleGates as an HTTPS/SSL proxy (SSLtunnel) to peep
 |at a bare HTTP message in a filter, with a configuration like this:
 |
 |                 [certificate]
 |                    FCL=sslway  FTOSV=filter           FSV=sslway 
 |                         v          v                       v
 |   client ---------------+ DeleGate +------------- DeleGate +---------- server
 |           HTTPS/SSL                 HTTP                    HTTPS/SSL
 |           over CONNECT              over CONNECT         
 |
 |But I'm curious why you know such a special usage of DeleGate ...
 |
 |Anyway, the reason why the end of the HTTP request message (both POST and GET)
 |is not recognized in CGI:filter is clear.  It is simply because rewriting
 |a request message (without EOF at the end) by CFI/CGI has not been supported.
 |Since an HTTP proxy acting as an SSLtunnel does not recognize what it is
 |relaying, it cannot help the CFI/CGI program by generating EOF.  So the end of
 |the request message must be detected by CFI/CGI itself, as in the enclosed patch.
 |
 |Also I recommend that you add the following line to your CFI script so as not to
 |invoke the filter program for non-POST methods in vain.
 |
 |   Req-Method: POST

I noticed that this "Req-Method:" condition never becomes satisfied in
filters for request messages.  I'll fix it as in the enclosed patch.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** ../dist/delegate8.9.1/filters/cfi.c	Sat Dec 27 22:04:24 2003
--- cfi.c	Sat Feb 14 17:03:33 2004
***************
*** 153,158 ****
--- 153,161 ----
  	return 1;
  }
  
+ #define IsHttpResp(stat)	strneq(stat,"HTTP/",5)
+ #define IsHttpReqWithBody(req) (strneq(req,"POST ",5) || strneq(req,"PUT ",4))
+ 
  char *searchSpec(conninfo,specs,statline,head)
  	char *conninfo,*specs,*statline,*head;
  {	char ictype[1024],iagent[1024],iserver[1024],iencode[1024];
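Review bot: IsHttpReqWithBody decides that a request has a body from the method name alone (a prefix match on "POST " or "PUT "), so a request with any other method that carries a body is treated as bodiless wherever this macro is used. Consider deciding from the header (Content-Length or Transfer-Encoding) instead, or add a comment saying why only these two methods are handled. Both macros would also benefit from a one-line comment stating that the argument is the first line of the message.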
***************
*** 174,179 ****
--- 177,185 ----
  	dp = wordScan(dp,iourl);
  
  	request[0] = 0;
+ 	if( !IsHttpResp(statline) )
+ 		lineScan(statline,request);
+ 	else
  	getFV(head,"X-Request",request);
  	dp = wordScan(request,imethod);
  	dp = wordScan(dp,iurl);
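Review bot: the new else at the end of the added lines governs the existing getFV(head,"X-Request",request); call, but that line keeps its old indentation and reads as unconditional. Indent it under the else or brace both branches, so that a later edit cannot slip a statement in between. It is also not visible in this hunk that request is large enough for whatever lineScan copies out of statline; a bounded copy or a comment on the two sizes would help.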
***************
*** 430,435 ****
--- 436,447 ----
  
  	filterFields(spec,head);
  
+ 	if( !IsHttpResp(statline) && IsHttpReqWithBody(statline) ){
+ 		FILE *sin = in;
+ 		in = TMPFILE("Request-Body");
+ 		HTTP_getBody(statline,head,sin,in);
+ 		fclose(sin);
+ 	}
  	if( getFieldValue2(head,"Content-Encoding",enc,sizeof(enc)) ){
  		FILE *sin = in;
  		in = Gunzip(enc,in);
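Review bot: in the added block the result of TMPFILE("Request-Body") is assigned to in and handed to HTTP_getBody without a check, and the return value of HTTP_getBody is ignored, so a failed temporary file or a truncated body passes on to the Content-Encoding handling unnoticed. Check both and bail out on failure. The request body comes from the client and is spooled to the temporary file with no size limit visible here; enforce an upper bound or note that HTTP_getBody does. It is also not visible whether the temporary file is rewound before the following code reads from in.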
***************
*** 496,504 ****
--- 508,528 ----
  		getFV(head,"X-Request-Original",oreq);
  		getFV(head,"X-Request",req);
  
+ 		if( !IsHttpResp(statline) && !IsHttpReqWithBody(statline) )
+ 			in = TMPFILE("Empty-Request-Body\n");
+ 
  		system_CGI(conninfo,oreq,req,head,cgi,in,intmp);
  		fseek(intmp,0,0);
+ 		/*
  		fgets(statline,sizeof(statline),intmp);
+ 		*/
+ 		if( IsHttpResp(statline) ){
+ 			fgets(statline,1024,intmp);
+ 		}else{
+ 			char stat[1024];
+ 			fgets(stat,sizeof(stat),intmp);
+ 			/* it should be the rewritten Request line ... */
+ 		}
  		head = xhead = RFC822_readHeader(intmp,0);
  		in = intmp;
  	}
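Review bot: in the else branch of the new if( IsHttpResp(statline) ) the first line of the CGI output is read into the local stat and then dropped, so a request line rewritten by the filter never reaches statline; the comment "it should be the rewritten Request line ..." says as much. Either copy it back into statline or state in the comment that rewriting the request line is not supported. Smaller points in the same hunk: fgets(statline,1024,intmp) hard-codes a size where the old call used sizeof(statline), and neither fgets result is checked; the old call should be deleted rather than commented out; in = TMPFILE("Empty-Request-Body\n") overwrites in without closing the previous stream, and the "\n" in its argument looks unintended next to the "Request-Body" name used in the earlier hunk.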
