Integration Points: Gateways, Tunnels, and Relays
Herng-Yow Chen

Outline
How gateways interface HTTP with other protocols and applications
How application interfaces allow different types of web applications to communicate with one another
How tunnels let you send non-HTTP traffic over HTTP connections
How relays, a type of simplified HTTP proxy, are used to forward data one hop at a time

Why Gateways?
[Figure: client, gateway (www.joes-hardware.com) and database. Client is requesting: http://www.joes-hardware.com/query-db.cgi?newproducts]
Request message:
GET /query-db.cgi?newproducts HTTP/1.1
Host: WWW.joes-hardware.com
Accept: *
Response message:
HTTP/1.0 200 OK
NEW product list:
…

Different types of Gateways
[Figure: three gateway arrangements, each with a client, a gateway and a server]
(a) HTTP/FTP server-side FTP gateway
(b) HTTPS/HTTP client-side security gateway
(c) HTTP/CGI server-side application gateway (application server gateway; CGI or other API to a program on the app server)

Protocol Gateways
[Figure: (a) MSIE manual proxy settings; (b) Navigator manual proxy settings]

HTTP/*: Server-Side Web Gateways
[Figure: HTTP client, HTTP/FTP gateway (gw1.joes-hardware.com, 8080), FTP server (ftp.irs.gov), web server (www.cnn.com); links labelled HTTP and FTP]
GET ftp://ftp.irs.gov/pub/00-index.txt HTTP/1.0
Host: ftp.irs.gov
User-agent: SuperBrowser 4.2

GET http://www.cnn.com/ HTTP/1.0
Host: www.cnn.com
User-agent: SuperBrowser 4.2

HTTP/*: Server-Side Web Gateways
[Figure: HTTP client, HTTP/FTP inbound conversion gateway, FTP server (port 21); FTP control connection and FTP data connection]
HTTP request:
GET ftp://ftp.irs.gov/pub/00-index.txt HTTP/1.0
Host: ftp.irs.gov
User-agent: SuperBrowser 4.2
FTP control connection:
USER anonymous
PASS joe
CWD /pub
TYPE A
MDTM 00-index.txt
PASV
RETR 00-index.txt
FTP data connection:
…data…

HTTP/HTTPS: Server-Side Security Gateways
[Figure: HTTP client, HTTP/HTTPS inbound security gateway, secure web server; one link labelled HTTP, the other labelled HTTP over SSL (HTTPS) on port 443 and carrying encrypted data]
GET http://www.cnn.com/ HTTP/1.0
Host: www.cnn.com
User-agent: SuperBrowser 4.2

HTTP/HTTPS: Client-Side Security Accelerator Gateways
[Figure: browser, HTTP/HTTPS security accelerator gateway, www.cnn.com, protected internal LAN; one link labelled HTTP over SSL (HTTPS) and carrying encrypted data, the other labelled HTTP]
GET http://www.cnn.com/ HTTP/1.0
Host: www.cnn.com
User-agent: SuperBrowser 4.2

Resource Gateways
[Figure: Client A and Client B reach an application server over HTTP; the application server exposes a web camera API (camera device and software) and an e-commerce API (e-commerce application)]

Common Gateway Interface
The first popular API for application gateways was the Common Gateway Interface (CGI).
It is a standardized set of interfaces that web servers use to launch programs in response to HTTP requests for special URLs, collect the program output, and send the output back in the HTTP response.
Over the past years, commercial web servers have provided more sophisticated and efficient interfaces for the same purpose.

CGI
Was the first and probably still is the most widely used server extension.
Applications: dynamic HTML output, credit card processing, database queries.
Can be implemented in almost any language, including Perl, Tcl, C, and various shell languages.
Because of its simplicity, almost all HTTP servers support CGI.

Server gateway application mechanics
[Figure: server internal view. On the server system, the server process exchanges request data and response data with spawned gateway processes #1 to #N, one each for Request 1 to Request N and Response 1 to Response N]

CGI is wonderful?
Yes! It provides a simple, functional form of glue between servers and many types of resources. The interface is also elegant in protecting the server from buggy extensions.
No! This separation incurs a cost in performance. The overhead of spawning a new process for every CGI request is high, limiting the performance of the server. A newer form of CGI, FastCGI, runs as a persistent daemon.
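
The process-per-request mechanics described above, as an added example that is not part of the original slides: the server spawns one gateway process, hands it the request as CGI environment variables, and wraps the program's output in an HTTP response. The embedded program, the function name run_cgi and the timeout are assumptions made for illustration.

```python
import os
import subprocess
import sys
from urllib.parse import urlsplit

# Constructed stand-in for query-db.cgi: it reads CGI variables from its
# environment and writes a header block, a blank line, then the body.
CGI_PROGRAM = r'''
import os
from urllib.parse import unquote_plus
print("Content-Type: text/plain")
print()
print("NEW product list for: " + unquote_plus(os.environ["QUERY_STRING"]))
'''

def run_cgi(request_line: str, host: str, timeout: float = 5.0) -> bytes:
    """Spawn one gateway process for one request and wrap its output."""
    method, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    # Request data reaches the program as CGI variables in an explicitly
    # built environment: no shell parses it, and the server's own
    # environment (which may hold secrets) is not inherited wholesale.
    env = {k: os.environ[k] for k in ("PATH", "LD_LIBRARY_PATH", "SYSTEMROOT")
           if k in os.environ}
    env.update(GATEWAY_INTERFACE="CGI/1.1", REQUEST_METHOD=method,
               SCRIPT_NAME=url.path, QUERY_STRING=url.query,
               SERVER_NAME=host)
    try:
        proc = subprocess.run([sys.executable, "-c", CGI_PROGRAM], env=env,
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return b"HTTP/1.0 504 Gateway Timeout\r\n\r\n"
    if proc.returncode != 0:
        # A buggy extension fails only its own request; the server survives.
        return b"HTTP/1.0 500 Internal Server Error\r\n\r\n"
    headers, _, body = proc.stdout.replace(b"\r\n", b"\n").partition(b"\n\n")
    return (b"HTTP/1.0 200 OK\r\n" + headers.replace(b"\n", b"\r\n") +
            b"\r\nContent-Length: %d\r\n\r\n" % len(body) + body)

if __name__ == "__main__":
    print(run_cgi("GET /query-db.cgi?newproducts HTTP/1.1",
                  "www.joes-hardware.com").decode())
```

Every call pays for a fresh interpreter start, which is the per-request overhead that a persistent daemon avoids.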

Server Extension APIs
Allow programmers to graft their own code onto the server, or to completely swap out a component of the server and replace it with their own.
Most popular servers provide one or more extension APIs for developers.
Most of them are specific to a server type, because their functions are tied to the server architecture.
For example, Microsoft's FrontPage Server Extension (FPSE) interprets RPC commands sent by the FrontPage client. Those commands are piggybacked on HTTP (specifically, on the POST method).

Tunnels
Enable access to applications that speak non-HTTP protocols through HTTP applications.
Web tunnels are established using HTTP's CONNECT method, which is not part of the core HTTP/1.1 specification but is a widely implemented extension.

Using CONNECT to establish an SSL tunnel

Tunnels let non-HTTP traffic flow through HTTP connections

SSL Tunneling

Tunnel Authentication
Relays
clientserver
Blind relay(a)Connection:keep-Alive
(b) Server won’t close connection when done becauseIt thinks it has been asked to speak keep-alive
(c) Connection:Keep Alive
(b) Connection:Keep Alive
(d) Connection:Keep Alive
(c) Relay waits for connection to close ignoring any new requests on the connection(e) Next request
(f)Client’s second request on the keep-alive connection just hangs because the relay never processes it
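
An added example, not from the original slides, contrasting the blind relay above with a relay that treats Connection as a hop-by-hop header: it drops Connection, every header Connection names, and Keep-Alive, then states its own choice for the next hop. The function names and the sample request are constructed, and the relay is assumed to handle one bodiless request per connection.

```python
def connection_tokens(head: bytes) -> set:
    """Lower-cased tokens of every Connection header in a message head."""
    tokens = set()
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "connection":
            tokens.update(t.strip().lower()
                          for t in value.split(",") if t.strip())
    return tokens

def blind_relay(head: bytes) -> bytes:
    """Forward the bytes untouched, as the relay in the figure does."""
    return head

def hop_aware_relay(head: bytes) -> bytes:
    """Strip hop-by-hop connection headers before forwarding."""
    drop = {"connection", "keep-alive"} | connection_tokens(head)
    lines = head.rstrip(b"\r\n").decode("iso-8859-1").split("\r\n")
    kept = [lines[0]]                      # request line passes through
    for line in lines[1:]:
        if line.partition(":")[0].strip().lower() not in drop:
            kept.append(line)
    # Assumption: this relay serves one request per server connection,
    # so it says so explicitly instead of echoing the client's wish.
    kept.append("Connection: close")
    return ("\r\n".join(kept) + "\r\n\r\n").encode("iso-8859-1")

def server_keeps_open(head: bytes) -> bool:
    """What the origin server concludes from the head it receives."""
    return "keep-alive" in connection_tokens(head)

# Constructed request head, modelled on the messages shown on the slides.
REQUEST = (b"GET http://www.cnn.com/ HTTP/1.0\r\n"
           b"Host: www.cnn.com\r\n"
           b"Connection: Keep-Alive\r\n"
           b"Keep-Alive: max=5\r\n\r\n")

if __name__ == "__main__":
    print("blind relay, server holds open:",
          server_keeps_open(blind_relay(REQUEST)))
    print("hop-aware relay, server holds open:",
          server_keeps_open(hop_aware_relay(REQUEST)))
```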