Forward http message as is
Leandro Cruz
leandro.saad at gmail.com
Mon Jan 11 12:44:07 EST 2010
Hi Ron.
Do you have the complete source code for your example?
--
Leandro Rodrigo Saad Cruz
On Fri, Jan 8, 2010 at 9:25 PM, rzo <rzo at gmx.de> wrote:
> Hello,
>
> I tried a few times to create an entry on the jboss wiki.
> But it hangs every time I click the create new entry.
>
> I am therefore including it here:
>
> Netty Example: implementing a simple WAF (Web Application Firewall)
> This example shows how to implement a simple WAF (Web Application Firewall <http://de.wikipedia.org/wiki/Web_Application_Firewall>)
> using netty.
> For this we create a proxy server which receives the http requests. If the
> request is ok, the "bytes"
> received are forwarded to the web server.
>
> As starting point we use the HexDumpProxy example which comes with the
> netty distribution.
> We adapt the PipelineFactory from the example by adding the InterceptStart,
> HttpDecoder and InterceptStop handlers.
>
> public class WafPipelineFactory implements ChannelPipelineFactory {
>     private final ClientSocketChannelFactory cf;
>     private final String remoteHost;
>     private final int remotePort;
>
>     public WafPipelineFactory(ClientSocketChannelFactory cf, String remoteHost, int remotePort) {
>         this.cf = cf;
>         this.remoteHost = remoteHost;
>         this.remotePort = remotePort;
>     }
>
>     public ChannelPipeline getPipeline() throws Exception {
>         ChannelPipeline pipeline = pipeline();
>         pipeline.addLast("interceptStart", new InterceptStart());
>         pipeline.addLast("decoder", new HttpRequestDecoder());
>         pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));
>         pipeline.addLast("interceptStop", new InterceptStop());
>         pipeline.addLast("handler", new HexDumpProxyInboundHandler(cf, remoteHost, remotePort));
>         return pipeline;
>     }
> }
>
> InterceptStart intercepts all incoming messages and makes a copy into a
> local buffer
>
> public class InterceptStart extends SimpleChannelUpstreamHandler {
>     ChannelBuffer buf = null;
>
>     @Override
>     public void messageReceived(ChannelHandlerContext ctx, MessageEvent evt) throws Exception {
>         ChannelBuffer m = (ChannelBuffer) evt.getMessage();
>         ChannelBuffer buf = (ChannelBuffer) ctx.getAttachment();
>         if (buf == null) {
>             // if this is a new connection create a new buffer and attach it to the context
>             buf = dynamicBuffer();
>             ctx.setAttachment(buf);
>         }
>         // copy the incoming bytes to the buffer
>         m.markReaderIndex();
>         buf.writeBytes(m);
>         m.resetReaderIndex();
>         // send the buffer further upstream to the HttpDecoder
>         super.messageReceived(ctx, evt);
>     }
> }
>
> InterceptStop receives the http request, analyzes it, and if ok gets the
> copy buffer from InterceptStart and forwards it to the http proxy
>
> public class InterceptStop extends SimpleChannelUpstreamHandler {
>     @Override
>     public void messageReceived(ChannelHandlerContext ctx, MessageEvent evt) {
>         if (evt.getMessage() != null) {
>             HttpRequest request = (HttpRequest) evt.getMessage();
>             // make sure that the http request is complete
>             // this may not be necessary ??
>             if (request.getContentLength() == 0 ||
>                     request.getContentLength() == request.getContent().writerIndex()) {
>                 ChannelBuffer buf = (ChannelBuffer)
>                         ctx.getPipeline().getContext("interceptStart").getAttachment();
>                 if (buf == null) {
>                     System.out.println("this should not happen");
>                 } else if (buf.writerIndex() != 0) {
>                     // check the request
>                     if (!wafCheck(request)) {
>                         // bad request -> close the channel
>                         ctx.getChannel().close();
>                         return;
>                     }
>                     // request is ok, remove the copy from the interceptor
>                     ctx.getPipeline().getContext("interceptStart").setAttachment(null);
>                     // forward the buffer to the proxy
>                     ctx.sendUpstream(new UpstreamMessageEvent(evt.getChannel(), buf, evt.getRemoteAddress()));
>                 }
>             }
>         }
>     }
> }
>
> To check the http request one may use the OWASP Stinger Project
> <http://www.owasp.org/index.php/Category:OWASP_Stinger_Project> or a similar framework.
> Since these frameworks generally analyze a HttpServletRequest
> <http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html>, we need an
> adapter <http://en.wikipedia.org/wiki/Adapter_pattern> to adapt to the
> netty HttpRequest.
> Implementing the adapter is straightforward.
>
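
An added example, not code from this thread or from the Netty project: one way to build the HttpServletRequest adapter the quoted post mentions, so that a servlet-based check can be called from wafCheck. NettyServletRequestAdapter and adapt() are hypothetical names; the code assumes Netty 3.2 or later, the servlet API on the classpath and UTF-8 form bodies, and it uses java.lang.reflect.Proxy rather than a hand-written implementation of every interface method.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.*;
import javax.servlet.http.HttpServletRequest;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.QueryStringDecoder;
import org.jboss.netty.util.CharsetUtil;

/** Read-only HttpServletRequest view of an aggregated Netty 3 HttpRequest (hypothetical class). */
public final class NettyServletRequestAdapter implements InvocationHandler {
    private final HttpRequest request;
    private final Map<String, List<String>> params;
    private NettyServletRequestAdapter(HttpRequest request) {
        this.request = request;
        String all = request.getUri();
        String type = request.getHeader("Content-Type");
        if (type != null && type.toLowerCase(Locale.ENGLISH).startsWith("application/x-www-form-urlencoded")) {
            // Form fields travel in the body (assumed UTF-8); include them in the parameters.
            String body = request.getContent().toString(CharsetUtil.UTF_8);
            all += (all.indexOf('?') < 0 ? "?" : "&") + body;
        }
        this.params = new QueryStringDecoder(all).getParameters();
    }

    /** Wraps the request in a dynamic proxy; only the methods handled in invoke() are available. */
    public static HttpServletRequest adapt(HttpRequest request) {
        return (HttpServletRequest) Proxy.newProxyInstance(HttpServletRequest.class.getClassLoader(),
                new Class<?>[] { HttpServletRequest.class }, new NettyServletRequestAdapter(request));
    }

    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
        String name = method.getName(), uri = request.getUri();
        if (method.getDeclaringClass() == Object.class) // equals, hashCode, toString
            return name.equals("equals") ? proxy == args[0] : method.invoke(this, args);
        int q = uri.indexOf('?');
        if (name.equals("getMethod")) return request.getMethod().getName();
        if (name.equals("getRequestURI")) return q < 0 ? uri : uri.substring(0, q);
        if (name.equals("getQueryString")) return q < 0 ? null : uri.substring(q + 1);
        if (name.equals("getHeader")) return request.getHeader((String) args[0]);
        if (name.equals("getHeaderNames")) return Collections.enumeration(request.getHeaderNames());
        if (name.equals("getParameterNames")) return Collections.enumeration(params.keySet());
        List<String> v = name.startsWith("getParameter") && args != null ? params.get((String) args[0]) : null;
        if (name.equals("getParameter")) return v == null ? null : v.get(0);
        if (name.equals("getParameterValues")) return v == null ? null : v.toArray(new String[0]);
        // Fail closed: a check that needs anything else must not silently see an empty value.
        throw new UnsupportedOperationException(name);
    }
}
```

Any exception from adapt() or from a method the proxy does not handle should be treated as a failed check, so the request is rejected rather than forwarded.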