Re: Apache 2.0, mod_perl filter question
Hello, I am trying to filter DECRYPTED, PLAIN TEXT data. I attached my two configuration files. If more information needed i can send my logs. Ideally I want to make a setup where encryption/decryption being done twice in order to filter DECRYPTED, PLAIN TEXT data(correct me if I am wrong) Like SSL-enabled browser - Proxy (SSL, Apache) - Proxy (non SSL, Apache, here goes filtering) - another Proxy ( SSL, Apache) - Server (SSL) At this time i made some little perl script and it works for GET, having some troubles with POST, so if you are aware about this problem SSL + proxy + POST, please let me know (sorry for offtopic) #!/usr/bin/perl -w use URI::URL; use LWP::UserAgent; use HTTP::Request; use HTTP::Request::Common; use HTTP::Request::Form; use HTML::TreeBuilder 3.0; use HTTP::Cookies; my $ua = LWP::UserAgent-new; $ua-proxy('https','https://localhost'); my $url = url 'https://some.server.com:1200/'; my $cookie_jar = HTTP::Cookies-new(); my $res = $ua-request(GET $url); my $tree = HTML::TreeBuilder-new; $tree-parse($res-content); $tree-eof(); my @forms = $tree-find_by_tag_name('FORM'); my $f = HTTP::Request::Form-new($forms[0], $url); $f-field(nm, user); $f-field(pwd, password); my $response = $ua-request($f-press(submit)); $cookie_jar-extract_cookies($response); $cookie_jar-save(); print $response-content if $response-is_success; ie, non-SSL browser - proxy + mod_ssl + mod_perl filter - server works for me for GET If I do the same with IE, ie Tools-Internet Options-Connections-Lan Settings-use a proxy server and put here address of my apache server, I am getting 403 Forbidden. I cannot explain this. Any help, ideas, etc are highly appreciated. Thanks, Ilia --- Stas Bekman [EMAIL PROTECTED] wrote: Ilia Rassadzin wrote: Hello mod_perl, I have some problems with filtering HTTPS traffic. I modified for my needs FilterSnoop module from Stas Bekman filter tutorial. It perfectly sees HTTP data, but not HTTPS. Does anyone have any suggestions(ideas) about how to implement a filter which will see HTTPS? Thanks in advance I need more input from you. Are you trying to filter an encrypted data stream? mod_perl connection filters, happen after the incoming data has been decrypted and the outgoing data hasn't been yet encrypted. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com# # Based upon the NCSA server configuration files originally by Rob McCool. # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See URL:http://httpd.apache.org/docs-2.0/ for detailed information about # the directives. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with / (or drive:/ for Win32), the # server will use that explicit path. If the filenames do *not* begin # with /, the value of ServerRoot is prepended -- so logs/foo.log # with ServerRoot set to /usr/local/apache2 will be interpreted by the # server as /usr/local/apache2/logs/foo.log. # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation (available # at URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html
Re: Apache 2.0, mod_perl filter question
Hello, I am trying to use as a proxy Apache 2.0 which includes mod_proxy and mod_ssl. I am trying to use mod_perl for parsing/changing decrypted plain text HTML data passed over SSL. maybe there are other ways to do this, let me know. The script shows that it is theoretically possibly to parse/modify HTML passed over SSL in case of GET (working on POST at this time) with a given setup: SSL-unaware browser - mod_proxy+mod_ssl+mod_perl - SSL server this question should probably be like 'How to setup Apache + mod_ssl + mod_proxy + mod_perl to make filtering of plain HTML passed over SSL possible?' minimal setup: IfModule mod_proxy.c PerlModule MyApache::FilterSnoop Proxy * PerlOutputFilterHandler MyApache::FilterSnoop::connection /Proxy /IfModule VirtualHost _default_:443 SSLEngine on SSLProxyEngine on SetHandler modperl PerlOutputFilterHandler MyApache::FilterSnoop::connection AllowCONNECT 80 443 563 1200 1300 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key CustomLog logs/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b /VirtualHost --- Stas Bekman [EMAIL PROTECTED] wrote: Ilia Rassadzin wrote: Hello, I am trying to filter DECRYPTED, PLAIN TEXT data. I attached my two configuration files. If more information needed i can send my logs. Ideally I want to make a setup where encryption/decryption being done twice in order to filter DECRYPTED, PLAIN TEXT data(correct me if I am wrong) Like SSL-enabled browser - Proxy (SSL, Apache) - Proxy (non SSL, Apache, here goes filtering) - another Proxy ( SSL, Apache) - Server (SSL) So you try to use mod_perl 2.0 as a proxy, which decrypts the stream, does something to it, encrypts it back and sends it further? I'm not sure whether this should work, aren't you suppose to somehow reconstruct the keys in order for this to work? What would be the minimal setup to setup a test environment? At this time i made some little perl script and it works for GET, having some troubles with POST, so if you are aware about this problem SSL + proxy + POST, please let me know (sorry for offtopic) #!/usr/bin/perl -w use URI::URL; use LWP::UserAgent; use HTTP::Request; use HTTP::Request::Common; use HTTP::Request::Form; use HTML::TreeBuilder 3.0; use HTTP::Cookies; my $ua = LWP::UserAgent-new; $ua-proxy('https','https://localhost'); my $url = url 'https://some.server.com:1200/'; my $cookie_jar = HTTP::Cookies-new(); my $res = $ua-request(GET $url); my $tree = HTML::TreeBuilder-new; $tree-parse($res-content); $tree-eof(); my @forms = $tree-find_by_tag_name('FORM'); my $f = HTTP::Request::Form-new($forms[0], $url); $f-field(nm, user); $f-field(pwd, password); my $response = $ua-request($f-press(submit)); $cookie_jar-extract_cookies($response); $cookie_jar-save(); print $response-content if $response-is_success; ie, non-SSL browser - proxy + mod_ssl + mod_perl filter - server works for me for GET If I do the same with IE, ie Tools-Internet Options-Connections-Lan Settings-use a proxy server and put here address of my apache server, I am getting 403 Forbidden. I cannot explain this. Any help, ideas, etc are highly appreciated. I'm not sure how this script helps to understand your problem with filtering. Neither a huge config file, most of it irrelevant to the problem. What we need is a set of short script/handlers and a minimal config file with which we can reproduce the problem. Ideally, if you can submit patches to our test suite to accomplish this setup that would be the simplest. All we will have to do is to make it working. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Apache 2.0, mod_perl filter question
Hello mod_perl, I have some problems with filtering HTTPS traffic. I modified for my needs FilterSnoop module from Stas Bekman filter tutorial. It perfectly sees HTTP data, but not HTTPS. Does anyone have any suggestions(ideas) about how to implement a filter which will see HTTPS? Thanks in advance Ilia __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com