Chris Jackson
christopher.jackson at gmail.com
Tue Feb 15 10:30:49 EST 2005
One side suggestion would also be to use req.form, like so:

    my_list_of_special_field_names = ['special1', 'special2', 'special3']
    for special in my_list_of_special_field_names:
        if special in req.form:
            return apache.HTTP_FORBIDDEN

req.form holds all fields whether it's from POST or GET. If you're looking to see if certain values of the fields are forbidden, you can always do:

    if req.form.has_key("forbidden_value"):
        # etc, etc.

I'm unsure if this helps you any, but I figured I'd post it anyway.

~= Chris =~

On Tue, 15 Feb 2005 16:30:31 +0200, Vladimir Petrovic <vladap at criticalpublics.com> wrote:
> In my setup, apache is acting like a reverse proxy to the application server
> (Zope). The setup uses proxy rewrite rules. I would like to set up a modpython
> handler which will inspect all POST requests and it will block the request if
> some special field names are used.
>
> I've set up PythonPostReadRequestHandler
> with the following code:
>
>     fs = util.FieldStorage (req)
>     for k in fs.keys ():
>         if not check_field_name (k): return apache.HTTP_FORBIDDEN
>
>     return apache.OK
>
> If the POST request contains an invalid field apache returns FORBIDDEN error as
> it should. But if the request doesn't contain invalid field names, then the
> request is "blocked", the client doesn't get any reply. The same happens if I
> just call req.read () inside the handler.
>
> It seems that calls to req.read () inside FieldStorage use all request data
> that client sends, and after the handler returns the request gets blocked. Is
> there a way to solve this problem or is there an alternative way to inspect
> POST data?
>
> thank you,
> Vladimir
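The consumed-body problem and the field-name check from this thread, as an added stand-alone Python 3 example (not code from either poster and not mod_python code). The request body is simulated with `io.BytesIO`, the function names and `MAX_BODY` are hypothetical, only `application/x-www-form-urlencoded` bodies are assumed, and how a buffered body would be handed back to Apache is outside what it shows.

```python
# Added illustration: stand-alone Python 3 simulation, not mod_python code.
import io
from urllib.parse import parse_qsl

FORBIDDEN_FIELDS = {"special1", "special2", "special3"}  # names from the reply
MAX_BODY = 64 * 1024            # assumed cap on how much body gets buffered
OK, HTTP_FORBIDDEN, HTTP_TOO_LARGE = 200, 403, 413


def field_names(raw):
    # keep_blank_values=True so "special1=" and a bare "special1" are still
    # seen; parse_qsl also percent-decodes, so "spec%69al1" becomes "special1".
    return {name for name, _ in parse_qsl(raw.decode("latin-1"),
                                          keep_blank_values=True)}


def naive_inspect(stream, content_length):
    """Failure mode from the thread: read the body, hand on the same stream."""
    raw = stream.read(content_length)
    status = HTTP_FORBIDDEN if field_names(raw) & FORBIDDEN_FIELDS else OK
    return status, stream       # stream is at EOF: nothing left to forward


def buffered_inspect(stream, content_length):
    """Read once, check, and return a fresh stream holding the same bytes."""
    if content_length > MAX_BODY:
        return HTTP_TOO_LARGE, None
    raw = stream.read(content_length)
    if field_names(raw) & FORBIDDEN_FIELDS:
        return HTTP_FORBIDDEN, None
    return OK, io.BytesIO(raw)


if __name__ == "__main__":
    body = b"title=hello&body=world"            # constructed sample body
    print(naive_inspect(io.BytesIO(body), len(body))[1].read())     # b''
    print(buffered_inspect(io.BytesIO(body), len(body))[1].read())  # body again
    for evasive in (b"special2=x", b"special1", b"spec%69al1=x"):   # constructed
        print(evasive, buffered_inspect(io.BytesIO(evasive), len(evasive))[0])
```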