Transparent (redirecting) proxy with BaseHTTPServer

[aurora]

If you actually want the IP, resolve the host header would give you that.

In the redirect case you should get a host header like

Host: www.python.org

 From that you can reconstruct the original URL as  
http://www.python.org/ftp/python/contrib/. With that you can open it using  
urllib and proxy the data to the client.

The second form of HTTP request without the host part is for compatability  
of pre-HTTP/1.1 standard. All modern web browser should send the Host  
header.


> Hi list,
>
> My ultimate goal is to have a small HTTP proxy which is able to show a  
> message specific to clients name/ip/status then handle the original  
> request normally either by redirecting the client, or acting as a proxy.
>
> I started with a modified[1] version of TinyHTTPProxy postet by Suzuki  
> Hisao somewhere in 2003 to this list and tried to extend it to my needs.  
> It works quite well if I configure my client to use it, but using  
> iptables REDIRECT feature to point the clients transparently to the  
> proxy caused some issues.
>
> Precisely, the "self.path" member variable of baseHTTPRequestHandler is  
> missing the <command> and the host (i.e www.python.org) part of the  
> request line for REDIRECTed connections:
>
> without iptables REDIRECT:
> self.path -> GET http://www.python.org/ftp/python/contrib/ HTTP/1.1
>
> with REDIRECT:
> self.path -> GET /ftp/python/contrib/ HTTP/1.1
>
> I asked about this on the squid mailing list and was told this is normal  
> and I have to reconstuct the request line from the real destination IP,  
> the URL-path and the Host header (if any). If the Host header is sent  
> it's an (unsafe) nobrainer, but I cannot for the life of me figure out  
> where to get the "real destination IP". Any ideas?
>
> thanks
>   Paul
>
> [1] HTTP Debugging Proxy
>   Modified by Xavier Defrang (http://defrang.com/)