First, I would like to congratulate the developers of relayd. They have made a great daemon which is fast and very flexible.
I was able to get relayd to replace all of the functions of a Pound reverse proxy except URL and request method filtering. As far as I can tell relayd does not have these abilities. Is there a site, mailing list or person I could contact to suggest additions to relayd? Does anyone else use relayd and find these suggestions useful? It has been two weeks since my original post (below) and I just wanted to follow up. All of my configs can be found here: Relayd proxy "how to" (relayd.conf) http://calomel.org/relayd.html -- Calomel @ http://calomel.org Open Source Research and Reference On Tue, Mar 18, 2008 at 05:07:53PM -0400, Calomel wrote: >We are looking to do some URL path and request method filtering with relayd >if possible. Many of the other layer 7 filters like "User-Agent" and >"Referer" work without issue. > >The box is built using relayd from -current cvs downloaded on Mar 18, 2008. >Relayd is setup to be a reverse HTTP proxy with layer 7 filtering as a >relay to a test webserver. > >Similar to a firewall mindset, we are looking to block everything other >than what we specifically list out. > > >As a test, the URL or path filtering can allow "/", "*.html" and "*.jpg". >We are unable to figure out how to get relayd to allow only these types of >files, and deny any other access. The following is from our test >relayd.conf file, but these rules block all access. Is there a way to list >out each file type, one per line? Can we instead use something similar to >a regular expression like, request path expect "(^\/|\.html|\.jpg)$" > >## ## URL filtering (NOT working yet) > label "BAD path request" > request path expect "/" > request path expect "/*.html" > request path expect "/*.jpg" > > >The second question is how to only accept the "GET" and "HEAD" request >methods and deny any others. For example we do not want the webserver to >ever see POST or TRACE methods. As GET and HEAD are not headers, we are >unsure as what rules to use. > >## ## Block bad request method (NOT working yet) > label "BAD request method" > request header expect "GET" > request header expect "HEAD" > > >Since it is a work in progress, our full relayd.conf file can be found >here for reference: > > Relayd proxy "how to" (relayd.conf) > http://calomel.org/relayd.html > >-- > Calomel @ http://calomel.org > Open Source Research and Reference
