[Twisted-web] Enforcing SSL for non-SSL requests
Marek Habersack
grendel at caudium.net
Wed Aug 10 13:19:52 MDT 2005
On Wed, Aug 10, 2005 at 07:33:50PM +0300, Tommi Virtanen scribbled:
> Marek Habersack wrote:
> > I'm trying to find a way for a Nevow-based application to enforce SSL
> > connection on the client when they come in using insecure HTTP. Currently
> > when the client comes in using a http://site.com URL typed in the browser,
> > they will get no error and no response from the server as the connection is
> > closed. The application log reveals the following:
>
> Your SSL problem has to do with trying to talk non-SSL protocols to an
> SSL port, as mentioned elsewhere in this thread.
Yes, I know, the client isn't starting the SSL handshake when it is expected
to - the real question was how to work around it using a single port (my
client's requirement), but it seems I will have to use the standard two-port
approach here.
> Apart from that, here's what I've done before:
>
> class MakeSecure(object):
> __implements__ = inevow.IResource,
>
> def __init__(self, wrapped, port=None, *a, **kw):
> super(MakeSecure, self).__init__(*a, **kw)
> self.wrapped = wrapped
> self.port = port
>
> def locateChild(self, ctx, segments):
> request = inevow.IRequest(ctx)
> if request.isSecure():
> return self.wrapped, segments
> else:
> u = url.URL.fromRequest(request)
> for seg in segments:
> u = u.child(seg)
> return u.secure(port=self.port), ()
>
> def renderHTTP(self, ctx):
> request = inevow.IRequest(ctx)
> if request.isSecure():
> return self.wrapped.renderHTTP(ctx)
> else:
> u = url.URL.fromRequest(request)
> u = u.secure(port=self.port)
> return inevow.IResource(u).renderHTTP(ctx)
>
> for that, svn co http://divmod.org/svn/Nevow/sandbox/tv and see the
> makesecure subdirectory.
>
> You may also be interested in the branchsecure directory.
Thanks a million, I think this will do the trick :)
best regards,
marek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://twistedmatrix.com/pipermail/twisted-web/attachments/20050810/5fe59c34/attachment.bin
More information about the Twisted-web
mailing list