I have a web service access from my server IP, But I want to make an script and place on my server to let enduser connected to the script as relay for WSDL (requests and responses - SMS Services).
It's like a branch from the base. however I need to count requestes on my scripts too.
Unfortunately I don't have access to WSDL server code.
Also the enduser have to use the original WSDL (SOAP - php) client and I can't change enduser codes too.
So I have to ask enduser to connect to my server just like the original WSDL server then relay any request to WSDL server and same for resposes.
I can write a big class and Peer to Peer with many lines of codes. but I think there are better way for do this.
Any better Idea or solution?
To provide service orchestration, as SOAP web services are service interface based, it's better to implement the source WSDL on your side. Also, you have an option to set up a pass-through reverse proxy and the key point is rewriting SOAP requests and response address URL to your proxy server address. There are some solutions:
Use Nginx as a reverse proxy here is a related article by Jeff Geerling.
With WSO2 ESB you can set up pass-through SOAP proxy and inject your logic code, as far as I know, it supports PHP (I already did it with Java).
Write an HTTP reverse proxy program with PHP and don't forget to rewrite SOAP, WSDL requests and response address URLs with proxy server address. Here is an example.
You have another option to orchestrate the SMS service and counter service as a Restful service and make it transparent for the client.
Related
I want to distinct servers from a REST API.
I have a REST api, a WebSocket and X local servers (The amount change every minutes, from 1 to 20).
The REST api and the websocket are both in php, while local servers are in Java.
The servers are all connected to the websocket. So they can communicate between them.
The servers and the websocket can send requests to the REST api.
The problem is, I want to allow anybody to send requests to the REST server.
So, I have to authenticate the websocket and the servers through REST server to allow some actions (for example create users) to the WebSocket and others actions (for example login) to servers.
All these servers are on the same machine (==> localhost).
Do you have any ideas how can I authenticate servers and WebSocket ? I think that OAuth2 is good only for other users (Not WebSocket and not Java Servers).
I don't know if private and public keys are good in this situation, if yes, how can I use it ? Or maybe I have to create different passwords for WebSocket and all Java servers ?
Thanks,
0ddlyoko
OAuth2 can still be a good idea. You will not be able to use the Bearer HTTP header, because there are no real HTTP headers in Websockets, but you can still send that token over to authenticate.
Having one standard way to handle authentication is a good thing.
I have some PHP code in which XML data is being passed between server and client using sockets. socket_create( AF_INET, SOCK_STREAM, SOL_TCP ), socket_read(), socket_write() are the functions being used to pass XML and not HTTP requests.
Now if I want to use a proxy for client to use to connect through to the server, how can I do that in PHP?
I am new to sockets and from what I have gathered, there exists this library https://github.com/clue/php-socks which I don't fully understand right now but the idea is to setup the middleman using the same library which is essentially the proxy in this case. How would I go about using a SOCKS4/5 proxy obtained from https://www.socks-proxy.net/ or paid ones? Is the above mentioned library the only option? Feels like PHP should have something built in already.
Please advice.
This should be a comment, but it's a bit long.
Feels like PHP should have something built in already
I'm struggling to imagine why it should. PHP is a language designed for serverside web development. Proxies are a client side technology. Having said that the curl extension has comprehensive support for HTTP proxies.
There is no single proxy protocol. Certainly SOCKS and HTTP are the most visible protocols for proxies but there are lots more. Was there a specific reason for choosing SOCKS?
If it were me I would just setup transparent port forwarding using iptables (Linux) or a socat instance or haproxy (Unix, MSWindows).
I have following scenario:
The Android clients communicate with a PHP server via HTTP Post. The PHP server is communicating with mySQL database and sends the output as JSON to the Android client.
Now I am concerned that people sniffing the traffic, find out the URL and will post a lot of grap in my database.
I have no concern of sniffing the payload. So it does not necessarily be encrypted.
I was thinking of TLS/SSL which comes in mind because of the HTTP connection. But I am not sure what is the prefered way to go in this scenario.
What you want to do is employ mutually-authenticated SSL, so that your server will only accept incoming connections from your app and your app will only communicate with your server.
Here's the high-level approach. Create a self-signed server SSL certificate and deploy on your web server. You can use the keytool included with the Android SDK for this purpose. Then create a self-signed client and deploy that within your application in a custom keystore included in your application as a resource (keytool will generate this as well). Configure the server to require client-side SSL authentication and to only accept the client certificate you generated. Configure the client to use that client-side certificate to identify itself and only accept the one server-side certificate you installed on your server for that part of it.
If someone/something other than your app attempts to connect to your server, the SSL connection will not be created, as the server will reject incoming SSL connections that do not present the client certificate that you have included in your app.
A step-by-step for this is a much longer answer than is warranted here. I would suggest doing this in stages as there are resources on the web about how to deal with self-signed SSL certificate in Android, both server and client side. There is also a complete walk-through in my book, Application Security for the Android Platform, published by O'Reilly.
SSL won't help you, as the traffic can be sniffed before the data hits the wire, and people will STILL be able to figure out your API calls and fill the DB with crap.
You can "secure" the service with access tokens and username/password requirements. But again, they won't prevent a malicious user from flooding your system with bad data. However, it would let you track down WHICH user was doing so, as they'd have to be using a unique access token of some sort to get at your system.
What I have found till now is that:
proxy (squid) throws error code 417. This is due to HTTP/1.1 header "Expect: 100-continue" which squid does not handles properly
On Suppressing "Expect: 100-continue" header, curl returns incorrect header size
How do I proceed from here ?
I really hate patronizing answers that indicate the person asking the question is an idiot. You see it all the time on this site and it's getting annoying.
for squid try this configuration directive:
ignore_expect_100 on
If the Squid proxy MUST be used AND you cannot fix Squid, then you only have one solution: tunnel the API calls through to a server outside of your network and have that server forward the API calls to Amazon S3 on your behalf.
From a basic view you can just replicate all the S3 calls you use on your external server but you must be aware of the security implications, i.e. restricting the usage of the server to say the external IP address of your Squid server, or even API keys much like Amazon use themselves.
If more flexibility is available try another proxy preferably non-caching like Pound.
I want a way to allow users to go through my http proxy server (Squid, Privoxy, etc.) without having to type the IP/port in web browser settings. I was hoping I could use a simple web interface.
I'm envisioning this:
User goes to a website on my server (http://proxy.com) and types a URL
into the form.
The user's browser URL looks like (http://proxy.com/url=URL)
All connections to any future links are passed through my http proxy
running on a different port.
And I do NOT want to use existing php/cgi web proxy scripts.
My only reasoning for that is I feel it would be much more efficient re-routing connections through a native proxy server than having many php instances proxy the connections. Please tell me if you think this would not actually be the case.
Are there any simple ways of doing this? Thanks!
You may want to setup a transparent proxy. That way the clients do not know they are using a proxy so they do not have to set the proxy IP in their browsers. This obviously does not work for https. Some information for squid here: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html