Esempio n. 1
0
def test_parse_init_http():
    u = "GET /test HTTP/1.1"
    m, u, httpversion= http.parse_init_http(u)
    assert m == "GET"
    assert u == "/test"
    assert httpversion == (1, 1)

    assert not http.parse_init_http("invalid")
    assert not http.parse_init_http("GET invalid HTTP/1.1")
    assert not http.parse_init_http("GET /test foo/1.1")
Esempio n. 2
0
def test_parse_init_http():
    u = "GET /test HTTP/1.1"
    m, u, httpversion= http.parse_init_http(u)
    assert m == "GET"
    assert u == "/test"
    assert httpversion == (1, 1)

    assert not http.parse_init_http("invalid")
    assert not http.parse_init_http("GET invalid HTTP/1.1")
    assert not http.parse_init_http("GET /test foo/1.1")
Esempio n. 3
0
 def _read_request_transparent(self, client_conn, scheme, host, port):
     """
     Read a transparent HTTP request. Transparent means that the client isn't aware of proxying.
     In other words, the client request starts with
     "GET /foo.html HTTP/1.1"
     rather than
     "CONNECT example.com:80 HTTP/1.1"
     """
     if scheme.lower() == "https" and not self.ssl_established:
         self.establish_ssl(client_conn, host, port)
     line = self.get_line(self.rfile)
     if line == "":
         return None
     r = http.parse_init_http(line)
     if not r:
         raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
     method, path, httpversion = r
     headers = self.read_headers(authenticate=False)
     content = http.read_http_body_request(
                 self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
             )
     return flow.Request(
                 client_conn,httpversion, host, port, scheme, method, path, headers, content,
                 self.rfile.first_byte_timestamp, utils.timestamp()
            )
Esempio n. 4
0
def create_http_request(flowheader, reqbuf):
    sfp = StringIO(reqbuf)
    method, url, httpversion = http.parse_init_http(sfp.readline())
    host, port, path = parse_url(url)
    headers = http.read_headers(sfp)

    if not host:
        if not headers.get("host"):
            host = flowheader.dstip
        else:
            host = headers.get("host")[0]
            if ":" in host:
                host = string.rsplit(host, ":", maxsplit=1)[0]

    if port == None:
        port = flowheader.dport

    # TODO: passing None as the second arg will produce and error if "expect" is in the headers
    content = http.read_http_body_request(sfp, None, headers, httpversion, None)

    # content = http.read_http_body(sfp, headers, True, None)
    return flow.Request(
        None,
        httpversion,
        host,
        port,
        "http",
        method,
        path,
        headers,
        content,
        flowheader.ts_request_start,
        flowheader.ts_request_finish,
    )
Esempio n. 5
0
 def read_request(self, client_conn):
     if self.config.transparent_proxy:
         host, port = self.config.transparent_proxy["resolver"].original_addr(self.connection)
         if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
             scheme = "https"
             certfile = self.find_cert(host, port, None)
             try:
                 self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
             except tcp.NetLibError, v:
                 raise ProxyError(400, str(v))
         else:
             scheme = "http"
         host = self.sni or host
         line = self.get_line(self.rfile)
         if line == "":
             return None
         r = http.parse_init_http(line)
         if not r:
             raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
         method, path, httpversion = r
         headers = http.read_headers(self.rfile)
         content = http.read_http_body_request(
                     self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                 )
         return flow.Request(client_conn, httpversion, host, port, scheme, method, path, headers, content)
Esempio n. 6
0
 def read_request(self, client_conn):
     if self.config.transparent_proxy:
         host, port = self.config.transparent_proxy["resolver"].original_addr(self.connection)
         if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
             scheme = "https"
             certfile = self.find_cert(host, port, None)
             try:
                 self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
             except tcp.NetLibError, v:
                 raise ProxyError(400, str(v))
         else:
             scheme = "http"
         host = self.sni or host
         line = self.get_line(self.rfile)
         if line == "":
             return None
         r = http.parse_init_http(line)
         if not r:
             raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
         method, path, httpversion = r
         headers = http.read_headers(self.rfile)
         if headers is None:
             raise ProxyError(400, "Invalid headers")
         content = http.read_http_body_request(
                     self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                 )
         return flow.Request(client_conn, httpversion, host, port, scheme, method, path, headers, content)
Esempio n. 7
0
    def read_request_transparent(self, client_conn):
        orig = self.config.transparent_proxy["resolver"].original_addr(self.connection)
        if not orig:
            raise ProxyError(502, "Transparent mode failure: could not resolve original destination.")
        self.log(client_conn, "transparent to %s:%s"%orig)

        host, port = orig
        if port in self.config.transparent_proxy["sslports"]:
            scheme = "https"
            if not self.ssl_established:
                self.establish_ssl(client_conn, host, port)
        else:
            scheme = "http"
        line = self.get_line(self.rfile)
        if line == "":
            return None
        r = http.parse_init_http(line)
        if not r:
            raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
        method, path, httpversion = r
        headers = self.read_headers(authenticate=False)
        content = http.read_http_body_request(
                    self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                )
        return flow.Request(
                    client_conn,httpversion, host, port, scheme, method, path, headers, content,
                    self.rfile.first_byte_timestamp, utils.timestamp()
               )
Esempio n. 8
0
    def _read_request_origin_form(self, client_conn, scheme, host, port):
        """
        Read a HTTP request with regular (origin-form) request line.
        An example origin-form request line would be:
            GET /foo.html HTTP/1.1

        The request destination is already known from one of the following sources:
        1) transparent proxy: destination provided by platform resolver
        2) reverse proxy: fixed destination
        3) regular proxy: known from CONNECT command.
        """
        if scheme.lower() == "https" and not self.ssl_established:
            self.establish_ssl(client_conn, host, port)

        line = self.get_line(self.rfile)
        if line == "":
            return None

        r = http.parse_init_http(line)
        if not r:
            raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
        method, path, httpversion = r
        headers = self.read_headers(authenticate=False)
        self.handle_expect_header(headers, httpversion)
        content = http.read_http_body(
            self.rfile, headers, self.config.body_size_limit, True
        )
        r = flow.Request(
            client_conn, httpversion, host, port, scheme, method, path, headers, content,
            self.rfile.first_byte_timestamp, utils.timestamp()
        )
        r.set_live(self.rfile, self.wfile)
        return r
Esempio n. 9
0
 def read_request(self, client_conn):
     self.rfile.reset_timestamps()
     if self.config.transparent_proxy:
         orig = self.config.transparent_proxy["resolver"].original_addr(self.connection)
         if not orig:
             raise ProxyError(502, "Transparent mode failure: could not resolve original destination.")
         host, port = orig
         if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
             scheme = "https"
             certfile = self.find_cert(host, port, None)
             try:
                 self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
             except tcp.NetLibError, v:
                 raise ProxyError(400, str(v))
         else:
             scheme = "http"
         host = self.sni or host
         line = self.get_line(self.rfile)
         if line == "":
             return None
         r = http.parse_init_http(line)
         if not r:
             raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
         method, path, httpversion = r
         headers = self.read_headers(authenticate=False)
         content = http.read_http_body_request(
                     self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                 )
         return flow.Request(client_conn, httpversion, host, port, scheme, method, path, headers, content, self.rfile.first_byte_timestamp, utils.timestamp())
Esempio n. 10
0
    def _read_request_origin_form(self, client_conn, scheme, host, port):
        """
        Read a HTTP request with regular (origin-form) request line.
        An example origin-form request line would be:
            GET /foo.html HTTP/1.1

        The request destination is already known from one of the following sources:
        1) transparent proxy: destination provided by platform resolver
        2) reverse proxy: fixed destination
        3) regular proxy: known from CONNECT command.
        """
        if scheme.lower() == "https" and not self.ssl_established:
            self.establish_ssl(client_conn, host, port)

        line = self.get_line(self.rfile)
        if line == "":
            return None

        r = http.parse_init_http(line)
        if not r:
            raise ProxyError(400, "Bad HTTP request line: %s" % repr(line))
        method, path, httpversion = r
        headers = self.read_headers(authenticate=False)
        content = http.read_http_body_request(self.rfile, self.wfile, headers,
                                              httpversion,
                                              self.config.body_size_limit)
        return flow.Request(client_conn, httpversion, host, port, scheme,
                            method, path, headers, content,
                            self.rfile.first_byte_timestamp, utils.timestamp())
Esempio n. 11
0
    def handle_request(self):
        """
            Returns True if handling should continue.
        """
        line = self.rfile.readline()
        if line == "\r\n" or line == "\n": # Possible leftover from previous message
            line = self.rfile.readline()
        if line == "":
            return

        parts = http.parse_init_http(line)
        if not parts:
            s = "Invalid first line: %s"%repr(line)
            self.info(s)
            self.server.add_log(
                dict(
                    type = "error",
                    msg = s
                )
            )
            return

        method, path, httpversion = parts
        headers = http.read_headers(self.rfile)
        if headers is None:
            s = "Invalid headers"
            self.info(s)
            self.server.add_log(
                dict(
                    type = "error",
                    msg = s
                )
            )
            return

        request_log = dict(
            path = path,
            method = method,
            headers = headers.lst,
            httpversion = httpversion,
            sni = self.sni,
            remote_address = self.client_address,
        )

        try:
            content = http.read_http_body_request(
                        self.rfile, self.wfile, headers, httpversion, None
                    )
        except http.HttpError, s:
            s = str(s)
            self.info(s)
            self.server.add_log(
                dict(
                    type = "error",
                    msg = s
                )
            )
            return
Esempio n. 12
0
    def read_request_proxy(self, client_conn):
        line = self.get_line(self.rfile)
        if line == "":
            return None

        if not self.proxy_connect_state:
            connparts = http.parse_init_connect(line)
            if connparts:
                host, port, httpversion = connparts
                headers = self.read_headers(authenticate=True)
                self.wfile.write(
                            'HTTP/1.1 200 Connection established\r\n' +
                            ('Proxy-agent: %s\r\n'%self.server_version) +
                            '\r\n'
                            )
                self.wfile.flush()
                self.establish_ssl(client_conn, host, port)
                self.proxy_connect_state = (host, port, httpversion)
                line = self.rfile.readline(line)

        if self.proxy_connect_state:
            r = http.parse_init_http(line)
            if not r:
                raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
            method, path, httpversion = r
            headers = self.read_headers(authenticate=False)

            host, port, _ = self.proxy_connect_state
            content = http.read_http_body_request(
                self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
            )
            return flow.Request(
                        client_conn, httpversion, host, port, "https", method, path, headers, content,
                        self.rfile.first_byte_timestamp, utils.timestamp()
                   )
        else:
            r = http.parse_init_proxy(line)
            if not r:
                raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
            method, scheme, host, port, path, httpversion = r
            headers = self.read_headers(authenticate=True)
            content = http.read_http_body_request(
                self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
            )
            return flow.Request(
                        client_conn, httpversion, host, port, scheme, method, path, headers, content,
                        self.rfile.first_byte_timestamp, utils.timestamp()
                    )
Esempio n. 13
0
 def read_request_reverse(self, client_conn):
     line = self.get_line(self.rfile)
     if line == "":
         return None
     scheme, host, port = self.config.reverse_proxy
     r = http.parse_init_http(line)
     if not r:
         raise ProxyError(400, "Bad HTTP request line: %s" % repr(line))
     method, path, httpversion = r
     headers = self.read_headers(authenticate=False)
     content = http.read_http_body_request(self.rfile, self.wfile, headers,
                                           httpversion,
                                           self.config.body_size_limit)
     return flow.Request(client_conn, httpversion, host, port, "http",
                         method, path, headers, content,
                         self.rfile.first_byte_timestamp, utils.timestamp())
Esempio n. 14
0
 def read_request_reverse(self, client_conn):
     line = self.get_line(self.rfile)
     if line == "":
         return None
     scheme, host, port = self.config.reverse_proxy
     r = http.parse_init_http(line)
     if not r:
         raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
     method, path, httpversion = r
     headers = self.read_headers(authenticate=False)
     content = http.read_http_body_request(
                 self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
             )
     return flow.Request(
                 client_conn, httpversion, host, port, "http", method, path, headers, content,
                 self.rfile.first_byte_timestamp, utils.timestamp()
            )
Esempio n. 15
0
    def handle_request(self):
        """
            Returns a (again, log) tuple. 

            again: True if request handling should continue.
            log: A dictionary, or None
        """
        line = self.rfile.readline()
        if line == "\r\n" or line == "\n": # Possible leftover from previous message
            line = self.rfile.readline()
        if line == "":
            # Normal termination
            return False, None

        parts = http.parse_init_http(line)
        if not parts:
            s = "Invalid first line: %s"%repr(line)
            self.info(s)
            return False, dict(type = "error", msg = s)

        method, path, httpversion = parts
        headers = http.read_headers(self.rfile)
        if headers is None:
            s = "Invalid headers"
            self.info(s)
            return False, dict(type = "error", msg = s)

        request_log = dict(
            path = path,
            method = method,
            headers = headers.lst,
            httpversion = httpversion,
            sni = self.sni,
            remote_address = self.client_address,
        )

        try:
            content = http.read_http_body_request(
                        self.rfile, self.wfile, headers, httpversion, None
                    )
        except http.HttpError, s:
            s = str(s)
            self.info(s)
            return False, dict(type = "error", msg = s)
Esempio n. 16
0
    def handle_request(self):
        """
            Returns a (again, log) tuple. 

            again: True if request handling should continue.
            log: A dictionary, or None
        """
        line = self.rfile.readline()
        if line == "\r\n" or line == "\n":  # Possible leftover from previous message
            line = self.rfile.readline()
        if line == "":
            # Normal termination
            return False, None

        parts = http.parse_init_http(line)
        if not parts:
            s = "Invalid first line: %s" % repr(line)
            self.info(s)
            return False, dict(type="error", msg=s)

        method, path, httpversion = parts
        headers = http.read_headers(self.rfile)
        if headers is None:
            s = "Invalid headers"
            self.info(s)
            return False, dict(type="error", msg=s)

        request_log = dict(
            path=path,
            method=method,
            headers=headers.lst,
            httpversion=httpversion,
            sni=self.sni,
            remote_address=self.client_address,
        )

        try:
            content = http.read_http_body_request(self.rfile, self.wfile,
                                                  headers, httpversion, None)
        except http.HttpError, s:
            s = str(s)
            self.info(s)
            return False, dict(type="error", msg=s)
Esempio n. 17
0
 def read_request(self, client_conn):
     if self.config.transparent_proxy:
         host, port = self.config.transparent_proxy["resolver"].original_addr(self.connection)
         if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
             scheme = "https"
             certfile = self.find_cert(host, port, None)
             self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
         else:
             scheme = "http"
         host = self.sni or host
         line = self.get_line(self.rfile)
         if line == "":
             return None
         r = http.parse_init_http(line)
         if not r:
             raise ProxyError(400, "Bad HTTP request line: %s"%line)
         method, path, httpversion = r
         headers = http.read_headers(self.rfile)
         content = http.read_http_body_request(
                     self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                 )
         return flow.Request(client_conn, httpversion, host, port, scheme, method, path, headers, content)
     elif self.config.reverse_proxy:
         line = self.get_line(self.rfile)
         if line == "":
             return None
         scheme, host, port = self.config.reverse_proxy
         r = http.parse_init_http(line)
         if not r:
             raise ProxyError(400, "Bad HTTP request line: %s"%line)
         method, path, httpversion = r
         headers = http.read_headers(self.rfile)
         content = http.read_http_body_request(
                     self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                 )
         return flow.Request(client_conn, httpversion, host, port, "http", method, path, headers, content)
     else:
         line = self.get_line(self.rfile)
         if line == "":
             return None
         if line.startswith("CONNECT"):
             host, port, httpversion = http.parse_init_connect(line)
             # FIXME: Discard additional headers sent to the proxy. Should I expose
             # these to users?
             while 1:
                 d = self.rfile.readline()
                 if d == '\r\n' or d == '\n':
                     break
             self.wfile.write(
                         'HTTP/1.1 200 Connection established\r\n' +
                         ('Proxy-agent: %s\r\n'%version.NAMEVERSION) +
                         '\r\n'
                         )
             self.wfile.flush()
             certfile = self.find_cert(host, port, None)
             self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
             self.proxy_connect_state = (host, port, httpversion)
             line = self.rfile.readline(line)
         if self.proxy_connect_state:
             host, port, httpversion = self.proxy_connect_state
             r = http.parse_init_http(line)
             if not r:
                 raise ProxyError(400, "Bad HTTP request line: %s"%line)
             method, path, httpversion = r
             headers = http.read_headers(self.rfile)
             content = http.read_http_body_request(
                 self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
             )
             return flow.Request(client_conn, httpversion, host, port, "https", method, path, headers, content)
         else:
             method, scheme, host, port, path, httpversion = http.parse_init_proxy(line)
             headers = http.read_headers(self.rfile)
             content = http.read_http_body_request(
                 self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
             )
             return flow.Request(client_conn, httpversion, host, port, scheme, method, path, headers, content)
Esempio n. 18
0
         return None
     r = http.parse_init_http(line)
     if not r:
         raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
     method, path, httpversion = r
     headers = http.read_headers(self.rfile)
     content = http.read_http_body_request(
                 self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
             )
     return flow.Request(client_conn, httpversion, host, port, scheme, method, path, headers, content)
 elif self.config.reverse_proxy:
     line = self.get_line(self.rfile)
     if line == "":
         return None
     scheme, host, port = self.config.reverse_proxy
     r = http.parse_init_http(line)
     if not r:
         raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
     method, path, httpversion = r
     headers = http.read_headers(self.rfile)
     content = http.read_http_body_request(
                 self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
             )
     return flow.Request(client_conn, httpversion, host, port, "http", method, path, headers, content)
 else:
     line = self.get_line(self.rfile)
     if line == "":
         return None
     if line.startswith("CONNECT"):
         r = http.parse_init_connect(line)
         if not r:
Esempio n. 19
0
                        )
            self.wfile.flush()
            if not self.server.ssloptions.not_after_connect:
                try:
                    self.convert_to_ssl(
                        self.server.ssloptions.certfile,
                        self.server.ssloptions.keyfile,
                    )
                except tcp.NetLibError, v:
                    s = str(v)
                    self.info(s)
                    return False, dict(type = "error", msg = s)
            return True, None
        elif m(http.parse_init_proxy(line)):
            method, _, _, _, path, httpversion = m.v
        elif m(http.parse_init_http(line)):
            method, path, httpversion = m.v
        else:
            s = "Invalid first line: %s"%repr(line)
            self.info(s)
            return False, dict(type = "error", msg = s)

        headers = http.read_headers(self.rfile)
        if headers is None:
            s = "Invalid headers"
            self.info(s)
            return False, dict(type = "error", msg = s)

        clientcert = None
        if self.clientcert:
            clientcert = dict(
Esempio n. 20
0
                        cert,
                        key,
                        handle_sni=self.handle_sni,
                        request_client_cert=self.server.ssloptions.
                        request_client_cert,
                        cipher_list=self.server.ssloptions.ciphers,
                        method=self.server.ssloptions.sslversion,
                    )
                except tcp.NetLibError, v:
                    s = str(v)
                    self.info(s)
                    return False, dict(type="error", msg=s)
            return True, None
        elif m(http.parse_init_proxy(line)):
            method, _, _, _, path, httpversion = m.v
        elif m(http.parse_init_http(line)):
            method, path, httpversion = m.v
        else:
            s = "Invalid first line: %s" % repr(line)
            self.info(s)
            return False, dict(type="error", msg=s)

        headers = http.read_headers(self.rfile)
        if headers is None:
            s = "Invalid headers"
            self.info(s)
            return False, dict(type="error", msg=s)

        clientcert = None
        if self.clientcert:
            clientcert = dict(
Esempio n. 21
0
                dummycert = self.find_cert(client_conn, host, port, host)
                sni = HandleSNI(self, client_conn, host, port, dummycert,
                                self.config.certfile or self.config.cacert)
                try:
                    self.convert_to_ssl(dummycert,
                                        self.config.certfile
                                        or self.config.cacert,
                                        handle_sni=sni)
                except tcp.NetLibError, v:
                    raise ProxyError(400, str(v))
        else:
            scheme = "http"
        line = self.get_line(self.rfile)
        if line == "":
            return None
        r = http.parse_init_http(line)
        if not r:
            raise ProxyError(400, "Bad HTTP request line: %s" % repr(line))
        method, path, httpversion = r
        headers = self.read_headers(authenticate=False)
        content = http.read_http_body_request(self.rfile, self.wfile, headers,
                                              httpversion,
                                              self.config.body_size_limit)
        return flow.Request(client_conn, httpversion, host, port, scheme,
                            method, path, headers, content,
                            self.rfile.first_byte_timestamp, utils.timestamp())

    def read_request_proxy(self, client_conn):
        line = self.get_line(self.rfile)
        if line == "":
            return None
Esempio n. 22
0
    def handle_request(self):
        """
            Returns a (again, log) tuple.

            again: True if request handling should continue.
            log: A dictionary, or None
        """
        line = self.rfile.readline()
        if line == "\r\n" or line == "\n":  # Possible leftover from previous message
            line = self.rfile.readline()
        if line == "":
            # Normal termination
            return False, None

        m = utils.MemBool()
        if m(http.parse_init_connect(line)):
            headers = http.read_headers(self.rfile)
            self.wfile.write(
                'HTTP/1.1 200 Connection established\r\n' +
                ('Proxy-agent: %s\r\n' % version.NAMEVERSION) +
                '\r\n'
            )
            self.wfile.flush()
            if not self.server.ssloptions.not_after_connect:
                try:
                    cert, key, chain_file = self.server.ssloptions.get_cert(m.v[0])
                    self.convert_to_ssl(
                        cert, key,
                        handle_sni=self.handle_sni,
                        request_client_cert=self.server.ssloptions.request_client_cert,
                        cipher_list=self.server.ssloptions.ciphers,
                        method=self.server.ssloptions.sslversion,
                    )
                except tcp.NetLibError as v:
                    s = str(v)
                    self.info(s)
                    return False, dict(type="error", msg=s)
            return True, None
        elif m(http.parse_init_proxy(line)):
            method, _, _, _, path, httpversion = m.v
        elif m(http.parse_init_http(line)):
            method, path, httpversion = m.v
        else:
            s = "Invalid first line: %s" % repr(line)
            self.info(s)
            return False, dict(type="error", msg=s)

        headers = http.read_headers(self.rfile)
        if headers is None:
            s = "Invalid headers"
            self.info(s)
            return False, dict(type="error", msg=s)

        clientcert = None
        if self.clientcert:
            clientcert = dict(
                cn=self.clientcert.cn,
                subject=self.clientcert.subject,
                serial=self.clientcert.serial,
                notbefore=self.clientcert.notbefore.isoformat(),
                notafter=self.clientcert.notafter.isoformat(),
                keyinfo=self.clientcert.keyinfo,
            )

        retlog = dict(
            type="crafted",
            request=dict(
                path=path,
                method=method,
                headers=headers.lst,
                httpversion=httpversion,
                sni=self.sni,
                remote_address=self.address(),
                clientcert=clientcert,
            ),
            cipher=None,
        )
        if self.ssl_established:
            retlog["cipher"] = self.get_current_cipher()

        try:
            content = http.read_http_body(
                self.rfile, headers, None,
                method, None, True
            )
        except http.HttpError as s:
            s = str(s)
            self.info(s)
            return False, dict(type="error", msg=s)

        for i in self.server.anchors:
            if i[0].match(path):
                self.info("crafting anchor: %s" % path)
                again, retlog["response"] = self.serve_crafted(i[1])
                return again, retlog

        if not self.server.nocraft and path.startswith(self.server.craftanchor):
            spec = urllib.parse.unquote(path)[len(self.server.craftanchor):]
            self.info("crafting spec: %s" % spec)
            try:
                crafted = language.parse_response(spec)
            except language.ParseException as v:
                self.info("Parse error: %s" % v.msg)
                crafted = language.make_error_response(
                    "Parse Error",
                    "Error parsing response spec: %s\n" % v.msg + v.marked()
                )
            again, retlog["response"] = self.serve_crafted(crafted)
            return again, retlog
        elif self.server.noweb:
            crafted = language.make_error_response("Access Denied")
            language.serve(crafted, self.wfile, self.server.request_settings)
            return False, dict(
                type="error",
                msg="Access denied: web interface disabled"
            )
        else:
            self.info("app: %s %s" % (method, path))
            req = wsgi.Request("http", method, path, headers, content)
            flow = wsgi.Flow(self.address, req)
            sn = self.connection.getsockname()
            a = wsgi.WSGIAdaptor(
                self.server.app,
                sn[0],
                self.server.address.port,
                version.NAMEVERSION
            )
            a.serve(flow, self.wfile)
            return True, None