| The proxy dispatcher applies some rules to a request.
The goal of that filter is to allow special pre-processing of requests
based, on their target host, before sending them off the net.
The filter is configured through a rule file whose format
is described by the following BNF:
rule-file=(record)*
record=EOL|comment|rule
comment=#(^EOL)*EOL
rule=rule-lhs(SPACE)*rule-rhs
rule-lhs=(token)
|(token (. token)*
rule-lhr=forbid|direct|redirect
|proxy|authorization|proxyauth
forbid=FORBID|forbid
direct=DIRECT|direct
redirect=(REDIRECT|proxy) url
proxy=(PROXY|proxy) url
url=any valid URL
authorization=(AUTHORIZATION|authorization
user password
proxyauth=(PROXYAUTH|proxyauth
user password url
A sample rule file looks like this:
# Some comments
edu proxy http://class.w3.org:8001/
org proxy http://class.w3.org:8001/
fr direct
www.evilsite.com redirect http://www.goodsite.com/warning.html
www.w3.org direct
138.96.24 direct
www.playboy.com forbid
default proxy http://cache.inria.fr:8080/
The algorithm used to lookup rules is the following:
- Split all rules left hand side into its components, eg
H1.H2.H3 is splitted into { H1, H2, H3 }, then reverse the components and
map that to the rule. In our example above, { org, w3, www} would be mapped
to direct.
- Split the fully qualified host name into its components, eg, A.B.C is
splitted into { A, B, C } and reverse it.
- Find the longest match in the mapping table of rules, and get
apply the given rule.
In our example, a request to www.isi.edu would match
the edu rule, and a request for www.w3.org
would match the direct rule, for example.
Three rules are defined:
- direct
- Run that request directly against the target host.
- forbid
- Emit a forbid message, indicating that the user is not
allowed to contact this host.
- proxy
- Run that request through the given proxy.
- proxyauth
- Run that request through a proxy with the right proxy
credentials.
For numeric IP addresses, the most significant part is the beginning,
so {A, B, C} are deducted directly. In the example { 138, 96, 24 } is mapped
to direct.
If no rules are applied, then the default rule (root rule) is applied.
See the example.
|