Article delegate-en/868 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Need help with filtering
09 Aug 2000 19:46:46 GMT Max Tran <pmqbqbdyi-dyd2yvei2bxr.ml@ml.delegate.org>


Hi,

I am working on a FFROMCL filter that block access to certain sites
based upon information
passed by the client. But I am having some problem getting it to work
right and would
greatly appreciate any help. I am wondering if it possible to redirect a
user, using
information passed by his browser?

Here is a description of the filter design. It read from standard input
and print to standard
output after being checked. If the line is the Referer or Cookie header,
the line is parsed to
get information used in deciding to block or not.  The Referer header is
parsed to get the
requested site and the Cookie header is parsed to get the user's
institution.  For example,
with the following client request:

 GET /oed/public/images/hp-oup.gif HTTP/1.0
 Referer: http://myserver.mydomain:9999/oed/
 Connection: Keep-Alive
 User-Agent: Mozilla/4.7 [en] (WinNT; I)
 Host: myserver.mydomain:9999
 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png
 Accept-Encoding: gzip
 Accept-Language: en
 Accept-Charset: iso-8859-1,*,utf-8
 Cookie: auth=7a570a246838db7748c612ffd73as2ug

the requested site would be "oed" and the institution would be "as2ug".
The filter would do a
lookup based upon the requested site and the user's institution to see
if the user is allow access.
If no, the user is redirect to a page saying 'Access Denied', by
printing a "Location" header to STDOUT.
If yes, the request goes through.

The problem is that the filter would hang the client, if he is from an
unauthorized institution.
So the problem is caused by the Location header. Is there a way to
redirect the client to another
page?

I am using Delegate6.1.17 and my current set up is as follow:

 clients -> Http Delegate -> Apache proxy -> remote sites.

The Apache proxy is there to check if the user has an authorization
cookie.
If I get this filter to work,  I should be able to do away with it.

For those who know perl, below is the code for the filter.

---Begin of code---
#!/usr/local/bin/perl
$| = 1;

#initialize institution banned sites hash
%as2ug = ( 'oed', '1', 'su', '1', 'ln', '1' );

while(<>){
 if ( m[^Referer: http://(.*)] ){
  $site = $1; @temp = split("/",$site); $site = $temp[1];
  }
 if ( m[^Cookie.*auth=(\w+).*] ){
  $inst = $1; $inst =~s/.*(\w{5})/$1/;
 }
 $temp=${"$inst"}{$site};
 if ($temp){
         print "Location:
http://myotherserver.mydomain/auth/unauth.html";
 } else {
  print $_;
 }
}
---End---

--
"Soon you will know a new spirit of hope is entering the Earth."
http://www.TheTeacher.org
Signs of his presence? http://www.TheMiraclesPage.org
Fight Hunger, visit http://www.thehungersite.org



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V