Changing the default behavior of requests is possible using the
request
attribute. This hash is indexed by the HTTP method
names (e.g.: GET or POST). The response
attribute (indexed by the request method and the response code) enables the control of HTTP responses. The possible actions are described in the following tables. See also Section 2.1, Policies for requests and responses. When looking up entries of the response
attribute hash, the lookup precedence described in Section 2.1.2, Response codes is used.
Action | Description |
---|---|
HTTP_REQ_ACCEPT |
Allow the request to pass. |
HTTP_REQ_REJECT |
Reject the request. The reason for the rejection can be specified in the optional second argument. |
HTTP_REQ_ABORT |
Terminate the connection. |
HTTP_REQ_POLICY |
Call the function specified to make a decision about the event. The function receives four arguments: self, method, url, version. See Section 2.1, Policies for requests and responses for details. |
Table 4.8. Action codes for HTTP requests
Action | Description |
---|---|
HTTP_RSP_ACCEPT | Allow the response to pass. |
HTTP_RSP_DENY | Reject the response and return a policy violation page to the client. |
HTTP_RSP_REJECT | Reject the response and return a policy violation page to the client, with error information optionally specified as the second argument. |
HTTP_RSP_POLICY | Call the function specified to make a decision about the event. The function receives five parameters: self, method, url, version, response. See Section 2.1, Policies for requests and responses for details. |
Table 4.9. Action codes for HTTP responses
Example 4.7. Implementing URL filtering in the HTTP proxy |
---|
This example calls the filterURL function (defined in the example) whenever a HTTP GET request is received. If the requested URL is 'http://www.disallowedsite.com', the request is rejected and an error message is sent to the client. class DmzHTTP(HttpProxy): def config(self): HttpProxy.config(self) self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL) def filterURL(self, method, url, version): if (url == "http://www.disallowedsite.com"): self.error_info = 'Access of this content is denied by the local policy.' return HTTP_REQ_REJECT return HTTP_REQ_ACCECT |
Example 4.8. 404 response filtering in HTTP |
---|
In this example the 404 response code to GET requests is rejected, and a custom error message is returned to the clients instead. class DmzHTTP(HttpProxy): def config(self): HttpProxy.config(self) self.response["GET", "404"] = (HTTP_RSP_POLICY, self.filter404) def filter404(self, method, url, version, response): self.error_status = 404 self.error_info = "Requested page was not accessible." return HTTP_RSP_REJECT |
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu