Python代理-> dansguardian:如何发送原始源ip?
[英]Python proxy -> dansguardian: How to send original source ip?
问题描述
I have a python proxy for DNS. 
我有一个DNS的python代理。 When I get a DNS request I need to pass an http request to dansguardian on behalf of the original source, let it to decide what happens to the request, get the result and redirect client to elsewhere based on the response from dansguardian. 当我收到DNS请求时,我需要代表原始源将http请求传递给dansguardian,让它决定对请求的处理方式,获取结果,并根据dansguardian的响应将客户端重定向到其他地方。
The network skeleton is like this: 网络骨架是这样的:
Client -> DNS Proxy -> DG -> Privoxy -> Web.
Client requests A , DNS Proxy intercepts, asks DG on behalf of the client, get's answer: 1. If DG filtered it, proxy send a local ip address instead of actual IP for A question. 客户端请求A ,DNS代理拦截,代表客户端询问DG,得到答案:1.如果DG对其进行了过滤,则代理发送本地IP地址而不是A问题的实际IP。 2. If DG didn't filter, DNS proxy let's the client's net to flow naturally. 2.如果DG没有过滤,DNS代理服务器将使客户端的网络自然流动。
Here is the sample python code that I've tried: 这是我尝试过的示例python代码:
data,addr = sock.recvfrom(1024)
OriginalDNSPacket = data
# I get OriginalDNSPacket from a socket
# to which iptables redirected all port 53 packets
UDPanswer = sendQues(OriginalDNSPacket, '8.8.8.8')
proxies = {'http': 'http://127.0.0.1:8080'} # DG Port
s = requests.Session()
d = DNSRecord.parse(UDPanswer)
print d
ques_domain = str(d.questions[0].get_qname())[:-1]
ques_tld = tldextract.extract(ques_domain)
ques_tld = "{}.{}".format(ques_tld.domain, ques_tld.suffix)
print ques_tld
for rr in d.rr:
try:
s.mount("http://"+ques_tld, SourceAddressAdapter(addr[0])) # This was a silly try, I know.
s.proxies.update(proxies)
response = s.get("http://"+ques_tld)
print dir(response.content)
print response.content
if "Access Denied" in response.content:
d.rr = []
d.add_answer(*RR.fromZone(ques_domain + " A " + SERVER_IP))
d.add_answer(*RR.fromZone(ques_domain + " AAAA fe80::a00:27ff:fe4a:c8ec"))
print d
socket.sendto(d.pack(), addr)
return
else:
socket.sendto(UDPanswer, addr)
return
except Exception, e:
print e
pass
The question is how can I send the request to DG, and fool it, like, the req comes from a client? 问题是如何将请求发送给DG,并欺骗请求(例如,请求来自客户端)?
1 个解决方案
解决方案1
0 已采纳 2016-05-23 13:51:32
In dansguardian.conf, usexforwardedfor is needed to enabled. 在dansguardian.conf中,需要启用usexforwardedfor 。
So the conf now looks like this: 因此,conf现在看起来像这样:
...
# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = on
# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and DansGuardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = on
...
And on proxy server I just needed to add the following, which I tried before but because of the DG conf it didn't work: 在代理服务器上,我只需要添加以下内容(我之前曾尝试过),但是由于DG conf的原因,它不起作用:
response = s.get("http://"+ques_tld, headers={'X-Forwarded-For': addr[0]})
It worked like a charm. 它像魅力一样运作。
Thanks @boardrider. 谢谢@boardrider。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.