Forum Discussion
Bruce_Hampton_1
Nimbostratus
NimbostratusHost inspection with a proxy...
I have a situation where we are load balancing proxy servers. The *problem* comes in that we are proxying FTP, HTTP, HTTPS all over port 80. I need to be able to look at the HTTP::host field, but the connect statment seems to not work with the http profile.
Seems the browser sends this first for an HTTP connection:
CONNECT h30046.www3.hp.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: h30046.www3.hp.com
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Ok - so I guess I'll have to dig out the "Host:" name with findstr against CLIENT_DATA. So I am now collecting 100 bytes of data (enough to get the host field I hope) and using findstr. Now I need to find a way to tell findstr to use a space as a delimiter. Just using a " " didn't do the trick and I can't seem to find any docs on how to escape the space. Any ideas?
when CLIENT_ACCEPTED {
TCP::collect 100
}
when CLIENT_DATA {
set TESTHOST [findstr [TCP::payload] "Host:" 5 ]
log local0. "This is a test line"
log local0. "$TESTHOST"
}
Much thanks if you can point me in the right or better direction.
Bruce
2 Replies
- I'm not sure why you need a space as a delimiter here, as the default terminator is the end of the string.
But, if you're looking to set it to a space, try escaping the space with a backslash like : "\ " and see if that gives you any better results.
-Colin - Why not use HTTP::disable when you see the CONNECT method? Like
when HTTP_REQUEST {
if {[HTTP::host] eq "some.host.com"}
pool somepool
} else {
pool someotherpool
}
if {[HTTP::method] eq "CONNECT} {
HTTP::disable
}
}
I have done similar things when using webdav, where I want to insert headers and then send the request on without further http processing. Works like a charm.
-jason
