Forward http message as is

rzo rzo at gmx.de
Mon Jan 11 13:23:43 EST 2010


Hi,

I will post the code in a separate mail.
The source also contains an implementation of a cache. But this is still 
buggy.

-- ron

On 11.01.2010 18:44, Leandro Cruz wrote:
> Hi Ron.
> Do you have the complete source code for your example?
>
> --
> Leandro Rodrigo Saad Cruz
>
>
> On Fri, Jan 8, 2010 at 9:25 PM, rzo<rzo at gmx.de>  wrote:
>
>    
>>   Hello,
>>
>> I tried a few times to create an entry on the jboss wiki.
>> But it hangs every time I click the create new entry.
>>
>> I am therefore including it here:
>>
>> Netty Example: implementing a simple WAF (Web Application Firewall)
>> This example shows how to implement a simple WAF (Web Application Firewall<http://de.wikipedia.org/wiki/Web_Application_Firewall>)
>> using netty.
>> For this we create a proxy server which receives the http requests. If the
>> request is ok, the "bytes"
>> received are forwarded to the web server.
>>
>> As starting point we use the HexDumpProxy example which comes with the
>> netty distribution.
>> We adapt the PipelineFactory from the example by adding the InterceptStart,
>> HttpDecoder and InterceptStop handlers.
>>
>>   public class WafPipelineFactory implements ChannelPipelineFactory {
>>       private final ClientSocketChannelFactory cf;
>>       private final String remoteHost;
>>       private final int remotePort;
>>
>>       public WafPipelineFactory(ClientSocketChannelFactory cf, String remoteHost, int remotePort) {
>>           this.cf = cf;
>>           this.remoteHost = remoteHost;
>>           this.remotePort = remotePort;
>>       }
>>
>>       public ChannelPipeline getPipeline() throws Exception {
>>           ChannelPipeline pipeline = pipeline();
>>           // handlers added to the HexDumpProxy pipeline
>>           pipeline.addLast("interceptStart", new InterceptStart());
>>           pipeline.addLast("decoder", new HttpRequestDecoder());
>>           pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));
>>           pipeline.addLast("interceptStop", new InterceptStop());
>>           // original HexDumpProxy handler
>>           pipeline.addLast("handler", new HexDumpProxyInboundHandler(cf, remoteHost, remotePort));
>>           return pipeline;
>>       }
>>   }
>>
>> InterceptStart intercepts all incoming messages and makes a copy into a
>> local buffer
>>
>>   public class InterceptStart extends SimpleChannelUpstreamHandler {
>>       ChannelBuffer buf = null;
>>
>>       @Override
>>       public void messageReceived(ChannelHandlerContext ctx, MessageEvent evt) throws Exception {
>>           ChannelBuffer m = (ChannelBuffer) evt.getMessage();
>>           ChannelBuffer buf = (ChannelBuffer) ctx.getAttachment();
>>           if (buf == null) {
>>               // if this is a new connection create a new buffer and attach it to the context
>>               buf = dynamicBuffer();
>>               ctx.setAttachment(buf);
>>           }
>>           // copy the incoming bytes to the buffer
>>           m.markReaderIndex();
>>           buf.writeBytes(m);
>>           m.resetReaderIndex();
>>           // send the buffer further upstream to the HttpDecoder
>>           super.messageReceived(ctx, evt);
>>       }
>>   }
>>
>> InterceptStop receives the http request, analyzes it, and if ok gets the
>> copy buffer from InterceptStart and forwards it to the http proxy
>>
>>   public class InterceptStop extends SimpleChannelUpstreamHandler {
>>       @Override
>>       public void messageReceived(ChannelHandlerContext ctx, MessageEvent evt) {
>>           if (evt.getMessage() != null) {
>>               HttpRequest request = (HttpRequest) evt.getMessage();
>>               // make sure that the http request is complete
>>               // this may not be necessary ??
>>               if (request.getContentLength() == 0
>>                       || request.getContentLength() == request.getContent().writerIndex()) {
>>                   ChannelBuffer buf = (ChannelBuffer)
>>                           ctx.getPipeline().getContext("interceptStart").getAttachment();
>>                   if (buf == null) {
>>                       System.out.println("this should not happen");
>>                   } else if (buf.writerIndex() != 0) {
>>                       // check the request
>>                       if (!wafCheck(request)) {
>>                           // bad request -> close the channel
>>                           ctx.getChannel().close();
>>                           return;
>>                       }
>>                       // request is ok, remove the copy from the interceptor
>>                       ctx.getPipeline().getContext("interceptStart").setAttachment(null);
>>                       // forward the buffer to the proxy
>>                       ctx.sendUpstream(new UpstreamMessageEvent(evt.getChannel(), buf, evt.getRemoteAddress()));
>>                   }
>>               }
>>           }
>>       }
>>   }
>>
>> To check the http request one may use the OWASP Stinger Project<http://www.owasp.org/index.php/Category:OWASP_Stinger_Project> or a similar framework.
>> Since these frameworks generally analyze a HttpServletRequest<http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html> we need an
>> adapter<http://en.wikipedia.org/wiki/Adapter_pattern> to adapt to the
>> netty HttpRequest.
>> Implementing the adapter is straightforward.
>>
>> _______________________________________________
>> netty-users mailing list
>> netty-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/netty-users
>    
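A possible wafCheck for the InterceptStop handler quoted above, as an added example that is not part of the original mails or of the Netty distribution. The class name WafCheckExample and the allow-list policy values are assumptions; it uses the Netty 3.x HTTP codec (org.jboss.netty), which must be on the classpath.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import org.jboss.netty.handler.codec.http.DefaultHttpRequest;
import org.jboss.netty.handler.codec.http.HttpMethod;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.HttpVersion;
import org.jboss.netty.handler.codec.http.QueryStringDecoder;

// Added example, not from the original mail. Class name and policy values are
// hypothetical; assumes the Netty 3.x HTTP codec is on the classpath.
public final class WafCheckExample {
    private static final Set<String> METHODS =
            new HashSet<String>(Arrays.asList("GET", "HEAD", "POST"));
    private static final int MAX_URI_LENGTH = 2048;
    // Allow-lists: the raw path may not contain '%', so encoded dot segments fail too.
    private static final Pattern SAFE_PATH = Pattern.compile("/[A-Za-z0-9/_.-]*");
    private static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9 _.,@-]{0,256}");

    /** Returns true only if method, path and every query value match the allow-lists. */
    static boolean wafCheck(HttpRequest request) {
        if (!METHODS.contains(request.getMethod().getName())) return false;
        String uri = request.getUri();
        if (uri.length() > MAX_URI_LENGTH) return false;
        QueryStringDecoder query = new QueryStringDecoder(uri);
        String path = query.getPath();
        if (!SAFE_PATH.matcher(path).matches() || path.contains("..")) return false;
        for (List<String> values : query.getParameters().values()) {
            for (String value : values) {
                if (!SAFE_VALUE.matcher(value).matches()) return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        String[] uris = { "/search?q=netty", "/search?q=%3Cb%3E", "/a/%2e%2e/b" };
        for (String uri : uris) {
            HttpRequest r = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, uri);
            System.out.println(uri + " -> " + (wafCheck(r) ? "forward" : "close"));
        }
        HttpRequest put = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.PUT, "/search");
        System.out.println("PUT /search -> " + (wafCheck(put) ? "forward" : "close"));
    }
}
```

Because InterceptStop forwards the copied bytes rather than the decoded request, the web server parses them again, so the check is deliberately strict about what it lets through.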
