[Twisted-web] Twisted as reverse proxy for access control?

Bud P. Bruegger bud at comune.grosseto.it
Fri Oct 29 08:40:24 MDT 2004 

Hello,

I'm new to Twisted and would like to find out whether it is a good choice 
to solve my problem.  For OpenPortalGuard's GateKeeper component 
(http://openportalguard.sourceforge.net/wiki/index.php/Specification/Architecture), 
I am looking for a platform to implement a reverse proxy that handles the 
following tasks before giving access to a private network that hosts 
multiple application servers:

* ssl processing (offloaded from application servers)
* ssl client cert authentication
* a custom authentication module that writes cookies
* a custom access control module (role based)
* an URL-rewriting engine like Apache's mod-proxy or mod-rewrite

My first idea was to use Apache with mod-ssl, mod-proxy, and mod-rewrite 
out of the box and write the two custom modules with mod-python.

My concern with Apache is scalability.  I believe that Twisted 
(implementing the Reactor Pattern) should be able to handle many more 
concurrent connections.  Can anybody confirm this and possibly quantify 
this with examples?

My concern with Twisted is (due to ignorance ;-) whether it has the out of 
the box functionality equivalent to Apache's mod-ssl and mod-rewrite (to 
proxy to remote hosts).  A first look seems to indicate that 
twisted.internet.ssl,  twisted.web.proxy, and twisted.web.rewrite are my 
friends.  Is this correct?  Are there any examples out there?  Any 
experience on performance?

Alltogether, is Twisted a good choice for my plan?  Has anyone already used 
Twisted for such a purpose?

Many thanks in advance for any input and suggestions.

-b




-------------------------------------------------------------------------------------------------
Ing. Bud P. Bruegger, Ph.D.                 0564-488 577 (voice)
Servizio Elaborazione Dati                    0564- 21139 (fax)
Comune di Grosseto                            e-mail:  bud at comune.grosseto.it
Via Ginori, 43                                      jabber:  bud at amessage.info
58100 Grosseto                                   icq:      249-858-685

Collaborazione Open Source per la CIE e CNS http://www.comune.grosseto.it/cie/
Software Libero/Open Source in P.A.:  Non solo una buona idea,  ma una 
necessita'

More information about the Twisted-web mailing list