Changing the default behavior of requests is possible using the
request attribute. This hash is indexed by the HTTP method
names (e.g.: GET or POST). The response attribute (indexed by the request method and the response code) enables the control of HTTP responses. The possible actions are described in the following tables. See also Section 2.1, Policies for requests and responses. When looking up entries of the response attribute hash, the lookup precedence described in Section 2.1.2, Response codes is used.
| Action | Description |
|---|---|
| HTTP_REQ_ACCEPT |
Allow the request to pass. |
| HTTP_REQ_REJECT |
Reject the request. The reason for the rejection can be specified in the optional second argument. |
| HTTP_REQ_ABORT |
Terminate the connection. |
| HTTP_REQ_POLICY |
Call the function specified to make a decision about the event. The function receives four arguments: self, method, url, version. See Section 2.1, Policies for requests and responses for details. |
Table 4.10. Action codes for HTTP requests
| Action | Description |
|---|---|
| HTTP_RSP_ACCEPT | Allow the response to pass. |
| HTTP_RSP_DENY | Reject the response and return a policy violation page to the client. |
| HTTP_RSP_REJECT | Reject the response and return a policy violation page to the client, with error information optionally specified as the second argument. |
| HTTP_RSP_POLICY | Call the function specified to make a decision about the event. The function receives five parameters: self, method, url, version, response. See Section 2.1, Policies for requests and responses for details. |
Table 4.11. Action codes for HTTP responses
| Example 4.8. Implementing URL filtering in the HTTP proxy |
|---|
|
This example calls the filterURL function (defined in the example) whenever a HTTP GET request is received. If the requested URL is 'http://www.disallowedsite.com', the request is rejected and an error message is sent to the client. class DmzHTTP(HttpProxy):
def config(self):
HttpProxy.config(self)
self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)
def filterURL(self, method, url, version):
if (url == "http://www.disallowedsite.com"):
self.error_info = 'Access of this content is denied by the local policy.'
return HTTP_REQ_REJECT
return HTTP_REQ_ACCECT
|
| Example 4.9. 404 response filtering in HTTP |
|---|
|
In this example the 404 response code to GET requests is rejected, and a custom error message is returned to the clients instead. class DmzHTTP(HttpProxy):
def config(self):
HttpProxy.config(self)
self.response["GET", "404"] = (HTTP_RSP_POLICY, self.filter404)
def filter404(self, method, url, version, response):
self.error_status = 404
self.error_info = "Requested page was not accessible."
return HTTP_RSP_REJECT
|
Published on March 04, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu
