Welcome! Log In Create A New Profile

Advanced

Re: Handling mangled server names

Previous Message Next Message
Forum List Message List New Topic Print View
SplitIce
November 14, 2010 09:06PM
you could use nginx substutions module maybe, else forward to php and dom
parse and replace all script src, a href etc

On Mon, Nov 15, 2010 at 6:54 AM, Marc de Bruin <marc@debruin.org> wrote:

> Lo,
>
> At work, we have a perfectly functioning proxy server, which I don't trust.
> :-/ So I wanted to use my home infrastructure in a transparent way (e.g., no
> SSH port forwarding) to allow me just to use my browser to get http pages
> via https. Sort of a chained proxy.
>
> I came up with the following, working, configuration:
>
> server {
> listen 999 ssl;
> server_name ~^(?<mangled>.+)\.ubergurus\.eu$;
>
> set $website $mangled;
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
> if ($website ~* (.*)_(.*)) { set $website $1.$2; }
>
> ssl_certificate /opt/etc/nginx/
> ssl_ubergurus.eu/wildcard.ubergurus.eu.crt;
> ssl_certificate_key /opt/etc/nginx/
> ssl_ubergurus.eu/wildcard.ubergurus.eu.key;
> ssl_crl /opt/etc/nginx/
> ssl_ubergurus.eu/crl.pem;
> ssl_client_certificate /opt/etc/nginx/
> ssl_ubergurus.eu/ca.crt;
> ssl_verify_client on;
>
> location / {
> proxy_set_header Host $website;
> rewrite ^(.*)$ $website$request_uri
> break;
> proxy_pass http://$website;
> }
> }
>
> At home, 443 forwards to 999.
>
> At work, I'm now able to get e.g. https://www_ns_nl.ubergurus.eu/ which
> results, after two-sided SSL being setup, in a http//www.ns.nl get at
> home, and tunneling the result back to work. Of course still the URL shows
> up in the work's proxy log, put no content. The server certificate is a
> self-signed wildcard certificate for *.ubergurus.eu, so any mangled site
> would work, as long as it doesn't contain the 'dot'-char.
>
> A few questions came up during this invention:
> - Repeating the if line 10 times allows 10 levels of _-chars, meaning 10
> subdomains. Is there a better way to accomplish this?
> - Some sites contain absolute URL's within the content (e.g. the <A
> HREF=""> tag and <IMG > tag), which aren't rewritten back to https://*.
> ubergurus.eu. This causes leakage at the work site. Is there a quick way
> to add that?
> - Any ideas about a better mangling scheme to further obfuscate the
> destination website from the proxy log?
>
> Or am I just being crazy here... ;-)
>
> Tnx,
> Marc.
>
> PS: Great piece of software, nginx!
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>



--
Warez Scene http://thewarezscene.org Free Rapidshare
Downloadshttp://www.nexusddl.com
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Handling mangled server names

Marc de Bruin November 14, 2010 03:00PM

Re: Handling mangled server names

SplitIce November 14, 2010 09:06PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 262
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready