[mod_python] Filtering POST requests (req.read ())

Vladimir Petrovic vladap at criticalpublics.com
Tue Feb 15 09:30:31 EST 2005


In my setup, apache is acting like a reverse proxy to the application server 
(Zope). The setup uses proxy rewrite rules. I would like to setup a modpython 
handler which will inspect all POST requests and it will block the request if 
some special field names are used.

I've setup PythonPostReadRequestHandler
with the following code:

fs = util.FieldStorage (req)
for k in fs.keys ():
  if not check_field_name (k): return apache.HTTP_FORBIDDEN

return apache.OK

If the POST request contain an invalid field apache returns FORBIDDEN error as 
it should. But if the request doesn't contain invalid field names, then the 
request is "blocked", the client doesn't get any reply. The same happens if I 
just call req.read () inside the handler.

It seems that calls to req.read () inside FieldStorage use all request data 
that client sends, and after the handler returns the request gets blocked. Is 
there a way to solve this problem or is there an alternative way to inspect 
POST data ?

thank you,
Vladimir



More information about the Mod_python mailing list