API tools faq
paste
Advertisement
Guest User

zorp https config

a guest
Feb 21st, 2016
88
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.63 KB | None | 0 0
raw download clone embed print report
  1. ############################################################################
  2. ##
  3. ## Copyright (c) 2000-2015 BalaBit IT Ltd, Budapest, Hungary
  4. ##
  5. ##
  6. ## This program is free software; you can redistribute it and/or modify
  7. ## it under the terms of the GNU General Public License as published by
  8. ## the Free Software Foundation; either version 2 of the License, or
  9. ## (at your option) any later version.
  10. ##
  11. ## This program is distributed in the hope that it will be useful,
  12. ## but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. ## GNU General Public License for more details.
  15. ##
  16. ## You should have received a copy of the GNU General Public License along
  17. ## with this program; if not, write to the Free Software Foundation, Inc.,
  18. ## 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  19. ##
  20. ############################################################################
  21.  
  22. # sample firewall policy with transparent access to HTTPS servers.
  23.  
  24. from Zorp.Core import *
  25. from Zorp.Http import *
  26. from Zorp.Encryption import *
  27. from Zorp.Keybridge import X509KeyBridge
  28.  
  29. #
  30. # Let's define a transparent https proxy, which bridges X509
  31. # CAs and certificates
  32. #
  33. class HttpsProxyKeybridge(HttpProxy):
  34. key_generator=X509KeyBridge(
  35. key_file="/etc/zorp/keybridge/key.pem",
  36. key_passphrase="passphrase",
  37. cache_directory="/var/lib/zorp/keybridge-cache",
  38. trusted_ca_files=(
  39. "/etc/zorp/keybridge/ZorpGPL_TrustedCA.cert.pem",
  40. "/etc/zorp/keybridge/ZorpGPL_TrustedCA.key.pem",
  41. "passphrase"
  42. ),
  43. untrusted_ca_files=(
  44. "/etc/zorp/keybridge/ZorpGPL_UnTrustedCA.cert.pem",
  45. "/etc/zorp/keybridge/ZorpGPL_UnTrustedCA.key.pem",
  46. "passphrase"
  47. )
  48. )
  49.  
  50. def config(self):
  51. HttpProxy.config(self)
  52. self.require_host_header=FALSE
  53. self.ssl.handshake_seq=SSL_HSO_SERVER_CLIENT
  54. self.ssl.key_generator = self.key_generator
  55. self.ssl.client_keypair_generate=TRUE
  56. self.ssl.client_connection_security=SSL_FORCE_SSL
  57. self.ssl.client_verify_type=SSL_VERIFY_OPTIONAL_UNTRUSTED
  58. self.ssl.server_connection_security=SSL_FORCE_SSL
  59. self.ssl.server_verify_type=SSL_VERIFY_REQUIRED_UNTRUSTED
  60. self.ssl.server_ca_directory="/etc/ssl/certs"
  61. self.ssl.server_trusted_certs_directory="/etc/zorp/certs"
  62.  
  63. #
  64. # The name of this function is passed to the Zorp binary with the --as
  65. # command line option.
  66. #
  67.  
  68. # zorp_https instance
  69. def zorp_https():
  70. Service(name="https", proxy_class=HttpsProxyKeybridge)
  71.  
  72. Rule(service='https', dst_port=[443, ])
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!