[Twisted-Python] Need help with writing a secure Iran Proxy

Kevin Horn kevin.horn at gmail.com
Thu Jun 18 22:10:03 EDT 2009


Of course it depends on you definition of "safe" and "secure", but there's a
few examples around the net.  Here's a few:

http://wiki.python.org/moin/Twisted-Examples
http://www.linuxjournal.com/article/7871
http://proxies.xhaus.com/

If you want to add proxy authentication, it shouldn't be too
difficult...check out RFC 2068.

http://www.ietf.org/rfc/rfc2068.txt (esp sections 10.4.8, 11, and 14.33-34)

It should be similar to implementing basic HTTP auth, except you want to use
the
Proxy-Authenticate and Proxy-Authorization headers instead of the regular
ones.

I'm guessing the flow would go something like:
- client requests a proxied resource ( without a Proxy-Authorization header
)
- server sends back a 407 with a Proxy-Authenticate header
- client prompts user for credentials
- client provides request again with Proxy-Authorization header
- server proxies the resource

of course I'm no expert on web proxies so don't take my word for it...

I think you should be able to do the above by overriding some of the proxy
classes in twisted.web.proxy

Good Luck!

Kevin Horn


On Thu, Jun 18, 2009 at 2:44 AM, Andreas Trawoeger <atrawog at gmail.com>wrote:

> Hi!
>
> Could I kindly ask all the Twisted Gurus to take a look Austin Heaps Best
> Proxy Practices
> for Iran http://blog.austinheap.com/
>
> The current setup (Squid & iptables) everybody uses is extremely
> complicated to setup and it should be trivial to implement the requirements
> in Twisted. Turn it into an egg and allow everybody to simple type
> easy_install iranproxy.
>
> I know a little bit of Twisted, because I'm an avid Zenoss user and in
> different circumstanced I would write the proxy on my own. But in this case
> a safe implementation is a real must and I'm really worried to make some
> stupid beginner mistakes.
>
> So some (example) code and links to websites I should read would be greatly
> appreciated.
>
>
> Thanks to everybody!
>
> cu andreas
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20090618/5aa5b0c8/attachment.htm 


More information about the Twisted-Python mailing list