Saltstorm :: Capri :: The CAPRI Protocol

Capri 1.30

Capri
	Introduction
	Installation
	Capri protocol
	CapriAWT - Antiworm Toolbox
	License
	Download

The CAPRI-protocol.

The Capri protocol can be used to define per-request interceptors in different ways, but the main place for defining these is capri.conf A capri interceptor consists of three parts, whereas the firt part, the URI, is naturally treated case sensitive, but the capri-part is insensitive to case. So, reading left to right:

An absolute URI.
A protocol definition. (capri or capri-x)
A Capri directive.

/hello/world capri:gone

This would tell Capri via mod_rewrite to instruct Apache to respond with a plain HTTP status 410 Gone to a request for http://www.mydomain.tld/hello/world.

Capri and Capri-x.

Besides the vanilla capri: protocol, you additionally can use the sub-protocol capri-x to explicitly disable logging for a specific HTTP request. So if we want the above interceptor to be served in 'stealth' mode, leaving no trace in the accesslog, we do:

/hello/world capri-x:gone

Capri directives.

FORBIDDEN
GONE
REDIRECT
PROXY
PASSTHROUGH
IP-CONDPASS

Forbidden [F]

Equal to mod_rewrite's F command. This will tell Apache to treat the current URI as Forbidden by client and respond with a 403 Forbidden.

/no/access capri:forbidden

Gone [G]

Equal to mod_rewrite's G command. This will tell Apache to treat the current URI as Gone and respond with a 410 Gone.

/old/document.html capri:g

Redirect [R]

Equal to mod_rewrite's R command. This will tell Apache to respond with a page contining a Location HTTP-header that's automatically fetched by a client inplace for the requested URI. The redirection-type is hardcoded to issue 307 Moved Temporarily. The redirection URI can point to a remote host aswell as locally. You may also redirect to a another protocol like ftp.

/old/page.html    capri:redirect=/new/page.html
/old/page.html    capri:redirect=http://www.remote.tld/page.html
/old/bin.gz       capri:redirect=ftp://ftp.remote.tld/bin.gz

Proxy [P]

Equal to mod_rewrite P command. Tells Apache to immediately direct the request to mod_proxy for further handling. Note that you will need to have mod_proxy up and configured for this to work or you'll get an error. This command equals a ProxyPass directive, so you probably want to additionally read up on ProxyPassReverse directive.

/www2/page.html capri:proxy=http://www2.remote.tld/page.html

Passthrough [PT]

Equal to mod_rewrite PT command. Tells Apache to skip all furter RewriteRules and pass on the request to the next API handler.

/abc/page.html capri:passthrough=/def/page.html
/foo capri:pt=/bar

IP-Condpass [IPC]

This command is similar to PT, but gives more advanced twist. Here you pass on two different commands (separated by the pipe (|) character) and let Apache decide what one to execute by looking up the remote address against the cached capri.ip-cache map for a match. If the current remote address is NOT present in the cache the former command will be executed, while in the opposite case Apache will fall back on the latter command.

This if-else directive was initially implemented for dealing with the famous Internet worms, where on the first time an attack is coming in from a remote address delegate it for special treatment (eg. CGI, PHP etc.) and while at this, adding the requesting IP to the cache. Then at any future identical requests from this IP-address, Apache will find the remote address in the IP-cache and fallback on the latter command. Thus not luring Apache into spending any further CPU resources on this request/remote address combo. The IP-condpass negotiating technique is used by the Anti-worm Toolbox supplied with Capri, but can be applied for other approaches aswell.

/once/only1    capri:IPC=/cgi-bin/once.cgi|F
/once/only2    capri:IPC=/cgi-bin/once.cgi|R=/already/seenit.html
/once/only3    capri-x:ip-condpass=/cgi-bin/once.cgi|gone

These examples assume that the script once.cgi actually adds the requesting IP-address to the capri.ip-cache map. The means to do this in a very simple manner is supplied in the form a the Anti-worm Toolbox and a separate module namely CapriCache.pm, both written in PERL and is available in the cgi-bin directory of the Capri distribution.

SiteSearch
Search Site By