4eeadd06a5
* refactor: move more commands to internal/cmd Part of https://github.com/ooni/probe/issues/1335. We would like all commands to be at the same level of engine rather than inside engine (now that we can do it). * fix: update .gitignore * refactor: also move jafar outside engine * We should be good now?
81 lines
2.3 KiB
Go
81 lines
2.3 KiB
Go
// Package httpproxy contains a censoring HTTP proxy. This proxy will
|
|
// vet all the traffic and reply with 451 responses for a configurable
|
|
// set of offending Host headers in incoming requests.
|
|
package httpproxy
|
|
|
|
import (
|
|
"net"
|
|
"net/http"
|
|
"net/http/httputil"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/ooni/probe-cli/v3/internal/engine/netx"
|
|
)
|
|
|
|
const product = "jafar/0.1.0"
|
|
|
|
// CensoringProxy is a censoring HTTP proxy
|
|
type CensoringProxy struct {
|
|
keywords []string
|
|
transport http.RoundTripper
|
|
}
|
|
|
|
// NewCensoringProxy creates a new CensoringProxy instance using
|
|
// the specified list of keywords to censor. keywords is the list
|
|
// of keywords that trigger censorship if any of them appears in
|
|
// the Host header of a request. dnsNetwork and dnsAddress are
|
|
// settings to configure the upstream, non censored DNS.
|
|
func NewCensoringProxy(
|
|
keywords []string, uncensored netx.HTTPRoundTripper,
|
|
) *CensoringProxy {
|
|
return &CensoringProxy{keywords: keywords, transport: uncensored}
|
|
}
|
|
|
|
var blockpage = []byte(`<html><head>
|
|
<title>451 Unavailable For Legal Reasons</title>
|
|
</head><body>
|
|
<center><h1>451 Unavailable For Legal Reasons</h1></center>
|
|
<p>This content is not available in your jurisdiction.</p>
|
|
</body></html>
|
|
`)
|
|
|
|
// ServeHTTP serves HTTP requests
|
|
func (p *CensoringProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
// Implementation note: use Via header to detect in a loose way
|
|
// requests originated by us and directed to us
|
|
if r.Header.Get("Via") != "" || r.Host == "" {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
for _, pattern := range p.keywords {
|
|
if strings.Contains(r.Host, pattern) {
|
|
w.WriteHeader(http.StatusUnavailableForLegalReasons)
|
|
w.Write(blockpage)
|
|
return
|
|
}
|
|
}
|
|
r.Header.Add("Via", product) // see above
|
|
proxy := httputil.NewSingleHostReverseProxy(&url.URL{
|
|
Host: r.Host,
|
|
Scheme: "http",
|
|
})
|
|
proxy.ModifyResponse = func(resp *http.Response) error {
|
|
resp.Header.Add("Via", product) // see above
|
|
return nil
|
|
}
|
|
proxy.Transport = p.transport
|
|
proxy.ServeHTTP(w, r)
|
|
}
|
|
|
|
// Start starts the censoring proxy.
|
|
func (p *CensoringProxy) Start(address string) (*http.Server, net.Addr, error) {
|
|
server := &http.Server{Handler: p}
|
|
listener, err := net.Listen("tcp", address)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
go server.Serve(listener)
|
|
return server, listener.Addr(), nil
|
|
}
|