[Twisted-Python] Need help with writing a secure Iran Proxy

Hi!

Could I kindly ask all the Twisted Gurus to take a look at Austin Heap's Best Proxy Practices for Iran: http://blog.austinheap.com/

The current setup (Squid & iptables) everybody uses is extremely complicated to set up and it should be trivial to implement the requirements in Twisted. Turn it into an egg and allow everybody to simply type easy_install iranproxy.

I know a little bit of Twisted, because I'm an avid Zenoss user, and in different circumstances I would write the proxy on my own. But in this case a safe implementation is a real must and I'm really worried about making some stupid beginner mistakes.

So some (example) code and links to websites I should read would be greatly appreciated.

Thanks to everybody!

cu andreas

Of course it depends on your definition of "safe" and "secure", but there are a few examples around the net. Here are a few:

http://wiki.python.org/moin/Twisted-Examples
http://www.linuxjournal.com/article/7871
http://proxies.xhaus.com/

If you want to add proxy authentication, it shouldn't be too difficult... check out RFC 2068.
http://www.ietf.org/rfc/rfc2068.txt (esp. sections 10.4.8, 11, and 14.33-34)

It should be similar to implementing basic HTTP auth, except you want to use the Proxy-Authenticate and Proxy-Authorization headers instead of the regular ones.

I'm guessing the flow would go something like:

- client requests a proxied resource (without a Proxy-Authorization header)
- server sends back a 407 with a Proxy-Authenticate header
- client prompts user for credentials
- client provides request again with Proxy-Authorization header
- server proxies the resource

Of course I'm no expert on web proxies so don't take my word for it...

I think you should be able to do the above by overriding some of the proxy classes in twisted.web.proxy

Good Luck!
Kevin Horn

On Thu, Jun 18, 2009 at 2:44 AM, Andreas Trawoeger <atrawog@gmail.com> wrote:

participants (2): Andreas Trawoeger, Kevin Horn
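
The 407 exchange outlined in the reply above, as an added example that is not part of the original thread: the proxy-side decision for one request, written in standard-library Python rather than against twisted.web.proxy. `REALM`, `USERS` and `check_proxy_auth` are hypothetical names, and the credentials are constructed for the demo.

```python
import base64
import hmac

REALM = "iranproxy"                  # assumed realm name
USERS = {"alice": "correct horse"}   # constructed demo credentials

def check_proxy_auth(headers):
    """Decide what the proxy does with one request.

    Returns (407, challenge_headers, None) when the client must
    (re)authenticate, or (None, None, upstream_headers) when the
    request may be proxied.
    """
    challenge = {"Proxy-Authenticate": 'Basic realm="%s"' % REALM}
    # Header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme, _, blob = lowered.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return 407, challenge, None
    try:
        # Basic credentials are base64("user:password"): an encoding,
        # not encryption, so they are readable on a plaintext link.
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return 407, challenge, None
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time comparison; also executed for unknown users.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    if not sep or expected is None or not ok:
        return 407, challenge, None
    # Proxy-Authorization is a hop-by-hop header: strip it so the
    # credentials never reach the origin server.
    upstream = {k: v for k, v in headers.items()
                if k.lower() != "proxy-authorization"}
    return None, None, upstream

if __name__ == "__main__":
    # Step 1: no credentials, so the proxy answers 407 with a challenge.
    print(check_proxy_auth({"Host": "example.org"}))
    # Step 2: the client retries with Proxy-Authorization.
    token = base64.b64encode(b"alice:correct horse").decode()
    print(check_proxy_auth({"Host": "example.org",
                            "Proxy-Authorization": "Basic " + token}))
```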