Hello,

I am trying to use Apache 2.0, which includes mod_proxy
and mod_ssl, as a proxy.
I am trying to use mod_perl for parsing/changing
decrypted plain text HTML data passed over SSL.
Maybe there are other ways to do this; let me know.

The script shows that it is theoretically possible to
parse/modify HTML passed over SSL in the case of GET
(working on POST at this time) with a given setup:
SSL-unaware browser <-> mod_proxy+mod_ssl+mod_perl <-> SSL server

This question should probably be like 'How to set up
Apache + mod_ssl + mod_proxy + mod_perl to make
filtering of plain HTML passed over SSL possible?'

Minimal setup:

<IfModule mod_proxy.c>
    PerlModule MyApache::FilterSnoop
    <Proxy *>
        PerlOutputFilterHandler MyApache::FilterSnoop::connection
    </Proxy>
</IfModule>

<VirtualHost _default_:443>
    SSLEngine on
    SSLProxyEngine on
    SetHandler modperl

    PerlOutputFilterHandler MyApache::FilterSnoop::connection
    AllowCONNECT 80 443 563 1200 1300
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


--- Stas Bekman <[EMAIL PROTECTED]> wrote:
> Ilia Rassadzin wrote:
> > Hello,
> > 
> > 
> > I am trying to filter DECRYPTED, PLAIN TEXT data. I
> > attached my two configuration files. If more
> > information is needed I can send my logs.
> > Ideally I want to make a setup where
> > encryption/decryption is done twice in order to
> > filter DECRYPTED, PLAIN TEXT data (correct me if I am
> > wrong)
> > Like SSL-enabled browser <-> Proxy (SSL, Apache) <->
> > Proxy (non SSL, Apache, here goes filtering) <->
> > another Proxy (SSL, Apache) <-> Server (SSL)
> 
> So you try to use mod_perl 2.0 as a proxy, which decrypts the stream, does
> something to it, encrypts it back and sends it further? I'm not sure whether
> this should work, aren't you supposed to somehow reconstruct the keys in order
> for this to work?
>
> What would be the minimal setup to set up a test environment?
> 
> > At this time I made a little Perl script
> > and it works for GET, having some troubles with POST,
> > so if you are aware of this problem SSL + proxy + POST,
> > please let me know (sorry for offtopic)
> >  
> > #!/usr/bin/perl -w
> >  
> > use URI::URL;
> > use LWP::UserAgent;
> > use HTTP::Request;
> > use HTTP::Request::Common;
> > use HTTP::Request::Form;
> > use HTML::TreeBuilder 3.0;
> > use HTTP::Cookies;
> > 
> > my $ua = LWP::UserAgent->new;
> > $ua->proxy('https','https://localhost');
> > my $url = url 'https://some.server.com:1200/';
> > my $cookie_jar = HTTP::Cookies->new();
> > my $res = $ua->request(GET $url);
> > my $tree = HTML::TreeBuilder->new;
> > $tree->parse($res->content);
> > $tree->eof();
> >  
> > my @forms = $tree->find_by_tag_name('FORM');
> > my $f = HTTP::Request::Form->new($forms[0], $url);
> > $f->field("nm", "user");
> > $f->field("pwd", "password");
> > my $response = $ua->request($f->press("submit"));
> > $cookie_jar->extract_cookies($response);
> > $cookie_jar->save();
> > print $response->content if $response->is_success;
> >  
> > i.e., non-SSL browser <-> proxy + mod_ssl + mod_perl
> > filter <-> server works for me for GET
> >
> > If I do the same with IE, i.e. Tools->Internet
> > Options->Connections->Lan Settings->use a proxy server
> > and put here the address of my Apache server, I am getting
> > 403 Forbidden.
> > I cannot explain this.
> > Any help, ideas, etc. are highly appreciated.
> 
> I'm not sure how this script helps to understand your problem with filtering.
> Neither a huge config file, most of it irrelevant to the problem.
>
> What we need is a set of short script/handlers and a minimal config file with
> which we can reproduce the problem.
>
> Ideally, if you can submit patches to our test suite to accomplish this setup
> that would be the simplest. All we will have to do is to make it work.
> 
> __________________________________________________________________
> Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
> http://stason.org/     mod_perl Guide ---> http://perl.apache.org
> mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org   http://ticketmaster.com
>
> --
> Reporting bugs: http://perl.apache.org/bugs/
> Mail list info: http://perl.apache.org/maillist/modperl.html

