我有一个用于DNS的python代理。当我收到DNS请求时,我需要代表原始源将http请求传递给dansguardian,让它决定请求会发生什么,获取结果并根据dansguardian的响应将客户端重定向到其他地方。
网络骨架是这样的:
Client -> DNS Proxy -> DG -> Privoxy -> Web.
客户端请求A,DNS代理拦截,代表客户端询问DG,得到答案:1.如果DG过滤了它,代理发送本地IP地址而不是实际IP A问题。2.如果DG没有过滤,DNS代理会让客户端的网络自然流动。
这是我尝试过的示例 python 代码:
data,addr = sock.recvfrom(1024)
OriginalDNSPacket = data
# I get OriginalDNSPacket from a socket
# to which iptables redirected all port 53 packets
UDPanswer = sendQues(OriginalDNSPacket, '8.8.8.8')
proxies = {'http': 'http://127.0.0.1:8080'} # DG Port
s = requests.Session()
d = DNSRecord.parse(UDPanswer)
print d
ques_domain = str(d.questions[0].get_qname())[:-1]
ques_tld = tldextract.extract(ques_domain)
ques_tld = "{}.{}".format(ques_tld.domain, ques_tld.suffix)
print ques_tld
for rr in d.rr:
try:
s.mount("http://"+ques_tld, SourceAddressAdapter(addr[0])) # This was a silly try, I know.
s.proxies.update(proxies)
response = s.get("http://"+ques_tld)
print dir(response.content)
print response.content
if "Access Denied" in response.content:
d.rr = []
d.add_answer(*RR.fromZone(ques_domain + " A " + SERVER_IP))
d.add_answer(*RR.fromZone(ques_domain + " AAAA fe80::a00:27ff:fe4a:c8ec"))
print d
socket.sendto(d.pack(), addr)
return
else:
socket.sendto(UDPanswer, addr)
return
except Exception, e:
print e
pass
问题是我如何将请求发送给 DG,并愚弄它,例如,请求来自客户端?
在 dansguardian.conf 中,需要启用usexforwardedfor。
所以 conf 现在看起来像这样:
...
# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = on
# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and DansGuardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = on
...
在代理服务器上,我只需要添加以下内容,我之前尝试过,但由于 DG conf,它不起作用:
response = s.get("http://"+ques_tld, headers={'X-Forwarded-For': addr[0]})
它就像一个魅力。
谢谢@boardrider。