distinguishing http and https connections
dy1977 at orange.fr
Fri Aug 23 09:04:32 UTC 2019
hello,
thanks to the answer of Joe Abley, our filter is ready and working.
There is still a question about what the user sees if his request is
denied. In the beginning, to be simple, I had chosen
qstate.ext_state[id] = MODULE_ERROR. The result is that the browser
waits for a long time and the user is not sure of what is happening.
So I modified and used the example resip.py to build an answer and send
this answer to an apache server on our LAN, at 192.168.1.184. For http
connections, it works very well and the user sees a page indicating that
the connection was refused. It is more human.
Troubles come with https, as expected. With this solution, the user sees
the solemn warning about the connection being insecure and the risk of
continuing. It is a bit terrifying. I tried to send to 127.0.0.1, but
the result is the same.
In previous tests, I had tried to configure Apache so that it redirects
to an error page. In some tests, instead of the great warning, the user
just got an error about the certificate being broken. Not perfect, but
better. That's why I have two questions.
1) Is it possible to distinguish, at the level of the "operate" function
in the python script, if the connection is http or https? It would give
me more flexibility to choose the best option for each situation.
2) Is there any hope to find a way to display an error page instead of
the great warning when an https connection has been redirected to either
127.0.0.1 or 192.168.1.184 ? I tend to think it is not possible, and I
would prefer not to spend hours around a chimera. I have tried to use the
unbound generated certificate and a self-signed apache certificate. Is
it useful to try with a certificate given by Let's Encrypt? I don't know
enough about ssl, but I guess the browser cannot be happy to see a
certificate (even if it is valid) which has nothing to do with the site
it is trying to connect with.
Thanks a lot for this great piece of work. I was surprised to be able to
write a full-featured filter in less than 150 lines of python code.
Thanks for any advice
Michel (France).
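
On question 1, as an added example that is not part of the original message or of Unbound's code: a DNS question carries only a name, a type and a class, so the query a resolver receives before an http fetch is byte-for-byte the same as before an https fetch. The URLs, the query ID and the helper names below are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

QTYPE_A = 1    # IPv4 address record
QCLASS_IN = 1  # Internet class

def build_query(hostname, qtype=QTYPE_A, query_id=0x1234):
    """Encode a standard DNS query (RFC 1035, section 4.1) for hostname."""
    # Header: ID, flags (RD set), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)

def parse_question(packet):
    """Return (qname, qtype, qclass) from the first question of a query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label in question")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels) + ".", qtype, qclass

def query_for_url(url):
    """The lookup a client sends before fetching url: hostname only."""
    return build_query(urlsplit(url).hostname)

def resolver_view(url):
    """Everything a filter on the resolver can learn about the request."""
    return parse_question(query_for_url(url))

if __name__ == "__main__":
    # Constructed sample URLs: scheme, port and path never reach the resolver.
    for u in ("http://example.com/page", "https://example.com:8443/login"):
        print(u, "->", resolver_view(u))
```
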