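class LocalResource(Resource):
    """Resource answered locally, instead of proxying, for a banned URL."""

    def render(self, request):
        """Return the fixed ``Banned`` body.

        ``render`` itself is overridden, so the same body is produced for
        every request method rather than only for GET.

        No status code is set on ``request`` here, so the response keeps
        whatever status the request object already carries.
        NOTE(review): Twisted's default is 200 OK; a 403 would make refused
        requests distinguishable in access logs and monitoring -- confirm
        whether clients rely on the current status before changing it.
        """
        # A bytes body is required by Twisted on Python 3 (a text body is
        # rejected at render time); on Python 2 this literal is the same
        # ``str`` value the method returned before.
        return b"Banned"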
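class HTTPSReverseProxyResource(proxy.ReverseProxyResource, object):
    """Reverse proxy that speaks TLS to the upstream and refuses banned paths.

    Two things are layered on top of ``proxy.ReverseProxyResource``:

    * the client factory used for the upstream connection is wrapped in a
      ``TLSMemoryBIOFactory`` so the proxied request travels over TLS;
    * ``getChild`` consults ``banned_urls`` before handing out a child
      resource and answers banned paths locally with ``LocalResource``.
    """

    def proxyClientFactoryClass(self, *args, **kwargs):
        """
        Make all connections using HTTPS.

        The factory built by the parent class is wrapped in a client-side
        ``TLSMemoryBIOFactory``.  The TLS options come from
        ``ssl.optionsForClientTLS`` called with the upstream host name, so
        the certificate presented by the upstream is checked against that
        name.
        """
        upstream_host = self.host
        # optionsForClientTLS() wants a text host name.  Decode only when the
        # host really is bytes: calling .decode() unconditionally raises
        # AttributeError on Python 3 when the resource was built with a text
        # host, while a Python 2 ``str`` is bytes and is still decoded here.
        if isinstance(upstream_host, bytes):
            upstream_host = upstream_host.decode("ascii")
        tls_options = ssl.optionsForClientTLS(upstream_host)
        plain_factory = super(HTTPSReverseProxyResource, self) \
            .proxyClientFactoryClass(*args, **kwargs)
        # Second argument True marks this end of the connection as the client.
        return TLSMemoryBIOFactory(tls_options, True, plain_factory)

    def getChild(self, path, request):
        """Return the resource for ``path``, refusing banned paths.

        ``path`` is tested against every pattern in ``banned_urls`` with
        ``re.match``, which anchors at the start of the string only: a
        pattern without a trailing ``$`` also bans every longer path that
        begins with it.  Only ``path`` is inspected; the query string and
        headers of ``request`` play no part in the decision.

        NOTE(review): Twisted calls ``getChild`` once per path segment, and
        because the child returned below is again an instance of this class
        each segment is checked on its own -- the patterns never see the
        full URL.  Confirm that ``banned_urls`` is written with that in mind
        and that pattern and ``path`` types agree (bytes vs. text) on the
        Python version in use.
        """
        # Generator form stops at the first matching pattern.
        if any(re.match(url, path) for url in banned_urls):
            return LocalResource()
        child = super(HTTPSReverseProxyResource, self).getChild(path, request)
        # Rebuild the parent's child as this class so the TLS client factory
        # and the ban check stay in force for deeper path segments.
        return HTTPSReverseProxyResource(child.host, child.port, child.path,
                                         child.reactor)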
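if __name__ == '__main__':
    # Script entry point: serve the reverse proxy over TLS on the given port.
    import argparse

    ap = argparse.ArgumentParser()
    ap.add_argument('port', default=8080, nargs='?', type=int)
    ap.add_argument('--ssl-cert', type=str)
    ap.add_argument('--ssl-key', type=str)
    ns = ap.parse_args()

    # The only listener started below is a TLS one, so a certificate is
    # mandatory.  Fail with a usage error up front instead of reaching
    # listenSSL() without a certificate object.
    if not ns.ssl_cert:
        ap.error('--ssl-cert is required (PEM certificate; add --ssl-key '
                 'when the private key is stored in a separate file)')

    from twisted.internet import ssl
    from twisted.web.server import Site

    with open(ns.ssl_cert, 'rb') as fp:
        ssl_cert = fp.read()
    if ns.ssl_key:
        # Certificate and private key live in separate PEM files.
        from OpenSSL import crypto
        with open(ns.ssl_key, 'rb') as fp:
            ssl_key = fp.read()
        ftype = crypto.FILETYPE_PEM
        k = ssl.KeyPair.load(ssl_key, ftype)
        certificate = ssl.PrivateCertificate.load(ssl_cert, k, ftype)
    else:
        # Single PEM file expected to hold both certificate and private key.
        certificate = ssl.PrivateCertificate.loadPEM(ssl_cert)

    # 'your_main_server' is a placeholder for the upstream host; it is also
    # the name the upstream's TLS certificate is verified against.
    srv = HTTPSReverseProxyResource('your_main_server', 443, '')
    # listenSSL() expects a protocol factory; a Resource is not one, so the
    # root resource is wrapped in a Site before it is handed to the reactor.
    reactor.listenSSL(ns.port, Site(srv), certificate.options())
    reactor.run()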