Hello, I am trying to use as a proxy Apache 2.0 which includes mod_proxy and mod_ssl. I am trying to use mod_perl for parsing/changing decrypted plain text HTML data passed over SSL. maybe there are other ways to do this, let me know.
The script shows that it is theoretically possibly to parse/modify HTML passed over SSL in case of GET (working on POST at this time) with a given setup: SSL-unaware browser <-> mod_proxy+mod_ssl+mod_perl <-> SSL server this question should probably be like 'How to setup Apache + mod_ssl + mod_proxy + mod_perl to make filtering of plain HTML passed over SSL possible?' minimal setup: <IfModule mod_proxy.c> PerlModule MyApache::FilterSnoop <Proxy *> PerlOutputFilterHandler MyApache::FilterSnoop::connection </Proxy> </IfModule> <VirtualHost _default_:443> SSLEngine on SSLProxyEngine on SetHandler modperl PerlOutputFilterHandler MyApache::FilterSnoop::connection AllowCONNECT 80 443 563 1200 1300 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> --- Stas Bekman <[EMAIL PROTECTED]> wrote: > Ilia Rassadzin wrote: > > Hello, > > > > > > I am trying to filter DECRYPTED, PLAIN TEXT data. > I > > attached my two configuration files. If more > > information needed i can send my logs. > > Ideally I want to make a setup where > > encryption/decryption being done twice in order to > > filter DECRYPTED, PLAIN TEXT data(correct me if I > am > > wrong) > > Like SSL-enabled browser <-> Proxy (SSL, Apache) > <-> > > Proxy (non SSL, Apache, here goes filtering) <-> > > another Proxy ( SSL, Apache) <-> Server (SSL) > > So you try to use mod_perl 2.0 as a proxy, which > decrypts the stream, does > something to it, encrypts it back and sends it > further? I'm not sure whether > this should work, aren't you suppose to somehow > reconstruct the keys in order > for this to work? > > What would be the minimal setup to setup a test > environment? > > > At this time i made some little perl script > > and it works for GET, having some troubles with > POST, > > so if you are aware about this problem SSL + proxy > + > > POST, please let me know (sorry for offtopic) > > > > #!/usr/bin/perl -w > > > > use URI::URL; > > use LWP::UserAgent; > > use HTTP::Request; > > use HTTP::Request::Common; > > use HTTP::Request::Form; > > use HTML::TreeBuilder 3.0; > > use HTTP::Cookies; > > > > my $ua = LWP::UserAgent->new; > > $ua->proxy('https','https://localhost'); > > my $url = url 'https://some.server.com:1200/'; > > my $cookie_jar = HTTP::Cookies->new(); > > my $res = $ua->request(GET $url); > > my $tree = HTML::TreeBuilder->new; > > $tree->parse($res->content); > > $tree->eof(); > > > > my @forms = $tree->find_by_tag_name('FORM'); > > my $f = HTTP::Request::Form->new($forms[0], $url); > > $f->field("nm", "user"); > > $f->field("pwd", "password"); > > my $response = $ua->request($f->press("submit")); > > $cookie_jar->extract_cookies($response); > > $cookie_jar->save(); > > print $response->content if $response->is_success; > > > > ie, non-SSL browser <-> proxy + mod_ssl + mod_perl > > filter <-> server works for me for GET > > > > If I do the same with IE, ie Tools->Internet > > Options->Connections->Lan Settings->use a proxy > server > > > > and put here address of my apache server, I am > getting > > 403 Forbidden. > > I cannot explain this. > > Any help, ideas, etc are highly appreciated. > > I'm not sure how this script helps to understand > your problem with filtering. > Neither a huge config file, most of it irrelevant to > the problem. > > What we need is a set of short script/handlers and a > minimal config file with > which we can reproduce the problem. > > Ideally, if you can submit patches to our test suite > to accomplish this setup > that would be the simplest. All we will have to do > is to make it working. > > __________________________________________________________________ > Stas Bekman JAm_pH ------> Just Another > mod_perl Hacker > http://stason.org/ mod_perl Guide ---> > http://perl.apache.org > mailto:[EMAIL PROTECTED] http://use.perl.org > http://apacheweek.com > http://modperlbook.org http://apache.org > http://ticketmaster.com > > > > -- > Reporting bugs: http://perl.apache.org/bugs/ > Mail list info: > http://perl.apache.org/maillist/modperl.html > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html