def test_process_firewall_rules_path_accept():
input = yaml.safe_load('''
hosts:
- host: www.mango.com
firewall_rules:
path_reject:
- /messages
- /apps
servers:
- localhost:8081
- localhost:8082
- host: www.apple.com
servers:
- localhost:9081
- localhost:9082
paths:
- path: /mango
servers:
- localhost:8081
- localhost:8082
- path: /apple
servers:
- localhost:9081
- localhost:9082
''')
results = process_firewall_rules_flag(input,
'www.mango.com',
path='/pictures')
assert results == True
def test_process_firewall_header_rules_accept():
input = yaml.safe_load(
"""
hosts:
- host: www.anthrax.com
firewall_rules:
header_reject:
User-Agent:
- Malicious App
servers:
- localhost:8081
- localhost:8082
- host: www.metallica.com
servers:
- localhost:9081
- localhost:9082
paths:
- path: /anthrax
servers:
- localhost:8081
- localhost:8082
- path: /metallica
servers:
- localhost:9081
- localhost:9082
"""
)
results = process_firewall_rules_flag(
input, "www.anthrax.com", headers={"User-Agent": "Safe App"}
)
assert results is True
def test_process_firewall_rules_accept():
input = yaml.safe_load('''
hosts:
- host: www.mango.com
firewall_rules:
ip_reject:
- 10.192.0.1
- 10.192.0.2
servers:
- localhost:8081
- localhost:8082
- host: www.apple.com
servers:
- localhost:9081
- localhost:9082
paths:
- path: /mango
servers:
- localhost:8081
- localhost:8082
- path: /apple
servers:
- localhost:9081
- localhost:9082
''')
results = process_firewall_rules_flag(input, 'www.mango.com',
'55.55.55.55')
assert results
def test_process_firewall_rules_path_accept():
input = yaml.safe_load(
"""
hosts:
- host: www.anthrax.com
firewall_rules:
path_reject:
- /messages
- /apps
servers:
- localhost:8081
- localhost:8082
- host: www.metallica.com
servers:
- localhost:9081
- localhost:9082
paths:
- path: /anthrax
servers:
- localhost:8081
- localhost:8082
- path: /metallica
servers:
- localhost:9081
- localhost:9082
"""
)
results = process_firewall_rules_flag(input, "www.anthrax.com", path="/pictures")
assert results is True
def test_process_firewall_rules_accept():
input = yaml.safe_load(
"""
hosts:
- host: www.anthrax.com
firewall_rules:
ip_reject:
- 10.192.0.1
- 10.192.0.2
servers:
- localhost:8081
- localhost:8082
- host: www.metallica.com
servers:
- localhost:9081
- localhost:9082
paths:
- path: /anthrax
servers:
- localhost:8081
- localhost:8082
- path: /metallica
servers:
- localhost:9081
- localhost:9082
"""
)
results = process_firewall_rules_flag(input, "www.anthrax.com", "55.55.55.55")
assert results
def router(path="/"):
updated_register = healthcheck(register)
host_header = request.headers["Host"]
if not process_firewall_rules_flag(
config, host_header, request.environ["REMOTE_ADDR"], "/" + path):
return "Forbidden", 403
for entry in config["hosts"]:
if host_header == entry["host"]:
healthy_server = get_healthy_server(entry["host"],
updated_register)
if not healthy_server:
return "No Backends servers available", 503
headers = process_rules(config, host_header,
{k: v
for k, v in request.headers.items()},
"header")
params = process_rules(config, host_header,
{k: v
for k, v in request.args.items()}, "param")
rewrite_path = ""
if path == "v1":
rewrite_path = process_rewrite_rules(config, host_header, path)
healthy_server.open_connections += 1
response = requests.get("http://{}{}".format(
healthy_server.endpoint, "/" + rewrite_path),
headers=headers,
params=params)
healthy_server.open_connections -= 1
response = requests.get("http://{}{}".format(
healthy_server.endpoint, "/" + rewrite_path),
headers=headers,
params=params)
return response.content, response.status_code
for entry in config["paths"]:
if ("/" + path) == entry["path"]:
healthy_server = get_healthy_server(entry["path"], register)
if not healthy_server:
return "No Backends servers available", 503
response = requests.get("http://{}".format(
healthy_server.endpoint))
return response.content, response.status_code
return "Not Found", 404
def router(path='/'):
updated_register = healthcheck(register)
host_header = request.headers['Host']
if not process_firewall_rules_flag(
config, host_header, request.environ['REMOTE_ADDR'], f'/{path}'):
return 'Forbidden', 403
for entry in config['hosts']:
if host_header == entry['host']:
healthy_server = get_healthy_server(entry['host'],
updated_register)
if not healthy_server:
return 'No backend servers available.', 503
headers = process_rules(config, host_header,
{k: v
for k, v in request.headers.items()},
'header')
params = process_rules(config, host_header,
{k: v
for k, v in request.args.items()}, 'param')
rewrite_path = ''
if path == 'v1':
rewrite_path = process_rewrite_rules(config, host_header, path)
response = requests.get(
f'http://{healthy_server.endpoint}/{rewrite_path}',
headers=headers,
params=params)
return response.content, response.status_code
for entry in config['paths']:
if ('/' + path) == entry['path']:
healthy_server = get_healthy_server(entry['path'], register)
if not healthy_server:
return 'No backend servers available.', 503
healthy_server.open_connections += 1
response = requests.get(f'http://{healthy_server.endpoint}')
healthy_server.open_connections -= 1
return response.content, response.status_code
return 'Not Found', 404
def router(path="/"):
updated_register = healthcheck(register)
host_header = request.headers["Host"]
header_dictionary = {k: v for k, v in request.headers.items()}
if not process_firewall_rules_flag(
config,
host_header,
request.environ["REMOTE_ADDR"],
f"/{path}",
header_dictionary,
):
return "Forbidden", 403
for entry in config["hosts"]:
try:
algo = entry["algo"]
except KeyError:
pass
if algo == "weight":
try:
weights = [weights for weights in entry["weights"]]
except KeyError:
weights = None
else:
weights = None
if host_header == entry["host"]:
healthy_server = get_healthy_server(entry["host"],
updated_register, algo,
weights)
if not healthy_server:
return "No backend servers available.", 503
headers = process_rules(
config,
host_header,
{k: v
for k, v in request.headers.items()},
"header",
)
params = process_rules(config, host_header,
{k: v
for k, v in request.args.items()}, "param")
post_data = process_rules(config, host_header,
{k: v
for k, v in request.data}, "post_data")
cookies = process_rules(config, host_header,
{k: v
for k, v in request.cookies}, "cookie")
rewrite_path = ""
if path == "v1":
rewrite_path = process_rewrite_rules(config, host_header, path)
response = requests.get(
f"http://{healthy_server.endpoint}/{rewrite_path}",
headers=headers,
params=params,
data=post_data,
cookies=cookies,
)
return response.content, response.status_code
for entry in config["paths"]:
if ("/" + path) == entry["path"]:
healthy_server = get_healthy_server(entry["path"], register)
if not healthy_server:
return "No backend servers available", 503
healthy_server.open_connections += 1
response = requests.get(f"http://{healthy_server.endpoint}")
healthy_server.open_connections -= 1
return response.content, response.status_code
return "Not Found", 404
