4.6.2.2. Configuring policies for HTTP requests and responses

Changing the default behavior of requests is possible using the request attribute. This hash is indexed by the HTTP method names (e.g.: GET or POST). The response attribute (indexed by the request method and the response code) enables the control of HTTP responses. The possible actions are described in the following tables. See also Section 2.1, Policies for requests and responses. When looking up entries of the response attribute hash, the lookup precedence described in Section 2.1.2, Response codes is used.

ActionDescription
HTTP_REQ_ACCEPT

Allow the request to pass.

HTTP_REQ_REJECT

Reject the request. The reason for the rejection can be specified in the optional second argument.

HTTP_REQ_ABORT

Terminate the connection.

HTTP_REQ_POLICY

Call the function specified to make a decision about the event. The function receives four arguments: self, method, url, version. See Section 2.1, Policies for requests and responses for details.

Table 4.8.  Action codes for HTTP requests

ActionDescription
HTTP_RSP_ACCEPT Allow the response to pass.
HTTP_RSP_DENY Reject the response and return a policy violation page to the client.
HTTP_RSP_REJECT Reject the response and return a policy violation page to the client, with error information optionally specified as the second argument.
HTTP_RSP_POLICY Call the function specified to make a decision about the event. The function receives five parameters: self, method, url, version, response. See Section 2.1, Policies for requests and responses for details.

Table 4.9.  Action codes for HTTP responses

Example 4.7. Implementing URL filtering in the HTTP proxy

This example calls the filterURL function (defined in the example) whenever a HTTP GET request is received. If the requested URL is 'http://www.disallowedsite.com', the request is rejected and an error message is sent to the client.

class DmzHTTP(HttpProxy):
        def config(self):
                HttpProxy.config(self)
                self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)

        def filterURL(self, method, url, version):
                if (url == "http://www.disallowedsite.com"):
                        self.error_info = 'Access of this content is denied by the local policy.'
                        return HTTP_REQ_REJECT
                return HTTP_REQ_ACCECT
Example 4.8. 404 response filtering in HTTP

In this example the 404 response code to GET requests is rejected, and a custom error message is returned to the clients instead.

class DmzHTTP(HttpProxy):
        def config(self):
                HttpProxy.config(self)
                self.response["GET", "404"] = (HTTP_RSP_POLICY, self.filter404)

        def filter404(self, method, url, version, response):
                self.error_status = 404
                self.error_info = "Requested page was not accessible."
                return HTTP_RSP_REJECT