I am working on a project for a client, that they have several applications that communicate with a soap server, however they require all requests to go thru a proxy, and want to be able to answer several of the soap requests locally, then if it requires the outside server send the request from the inside php server basically like a proxy. So the only communication the Software has is with the rerouted internal php server.
The setup is as follows:
1. Application makes call to 255.255.255.255
2. Internal Routing redirects request to 192.168.1.2 (Internal Web Server)
3. Internal Web server serves requests for the requested page
3a. If the Method requested can be answered local it needs to answer it,
3b. Or it needs to forward the whole original request to the outside server, wait for response then return the answer back to the Software as if it was serving the answer.
Does that make sense, and does anyone have any suggestions for how to accomplish this in a php page? The network routing is already done, and the Software is being answered by the internal php page, however I cannot get it to forward the request.
The determination of 3a is outside the scope, but an important part in deciding what implementation to use; for each transport protocol you need to implement a request rewrite. If there's only the HTTP transport, you can either use fopen with URL wrappers, which isn't very flexible in terms of specifying headers or use the cURL extension. Once you've got the response from the external server, simply write out the data.
Related
I have been building an HTTP Server (in the C programming language), and I'm wondering what would handle a POST request sent by a client. That is, if a client sends me a POST request to a PHP page, then how would I pass the data sent by the client to the PHP page?
Feel free to ask for clarification.
Something needs to parse, compile and execute the PHP page. You're not about to write your own, so your server will need to act as a proxy for the request.
Solution 1: Setup a FastCGI PHP daemon. Your web server can then forward the request to PHP using the FastCGI protocol.
Solution 2: Setup a web server capable of handling PHP requests. Your web server can then (indirectly) forward the request to PHP using HTTP or HTTPS. This is less work for you, but it begs the question why you're not just using that web server throughout.
I've built a Slack App for our team.
I was able to create a Slack Button and used that to authorize the app with oauth.access
My Slack App adds a Slash Command to a channel in Slack
So far so good.
The Slash Command needs a Request URL which is simply the page that will receive the slash command payload and optionally, send a response back to the Slack channel.
Here's the rub, the server that host the page I need to use for the Request URL is on our internal network and only accessible to users on our VPN.
Our main site accessible to the world at, https://example.com
The server on which this page is hosted is at, https://slack.example.com which is only accessible to users on our VPN (both are apache 2.4 servers)
Anyone not on the VPN that requests slack.example.com is instead served https://example.com
It is not possible for me to move the php page to a server that is accessible outside our VPN (it's part of a larger application that can't be moved) but I can add a php page the serve that hosts https://example.com.
I'm thinking that I might be able to add a php page to example.com that could act as a proxy recieving messages from slack.com, passing them to slack.example.com then getting the response from slack.example.com and sending that response back to slack.com.
Is this possible, and if so, how would I go about it? I'm open to other solutions as well, possibly using Apache to do the proxying?
I would run the request page on a separate server in your DMZ functioning as proxy to the internal application server. Here is a brief description:
The php script for the request url (=request page) needs to be accessible to the public internet, so that Slack can call it. I would put it on a separate server and I would put that server in the DMZ of your company. That is usually the best place for servers that need to be accessible from the outside, but also need to access servers on the inside of your company. Make sure to use SSL and the verification token to secure your calls from Slack.
The request page can run on a small server and will need to have a webserver (e.g. apache) and php. If you planning to have more complex requests you may also need a database. It will also need to run SSL, so you will need a certificate. You can also use your existing webserver to the outside (example.com) if is meets these requirements.
The request page needs to have access to your application server, e.g. via VPN. It would need to function as proxy: receive the request from Slack, make requests to the application server based on the specifics of the slash command and then return the info back to Slack.
Another important point is user authentication. I read from your question that not all users on your Slack team should have access to the application server, so your request script needs to have a method to distinguish which users are allowed access and which are not. It would be easiest, if these users could be identified by membership of a specific Slack group. In any case you probably would need an additional bot that ensures mapping of Slack users to VPN users.
I am using django as backend API and ajax for making api call.my main site runs on https but the api on http . i am unable to make api calls from ssl cert loaded onto ngnix.
is it possible to make ajax calls from https to http ?
any leads will be appreciated ?
thnks in advance ..!!
The only difference between HTTP and HTTPS is the SSL security part, if your server is able to handle HTTPS requests they will be send through to the API just like any other HTTP request, it's only the actual data communication from the client socket to the server socket that is affected, once the data is received it's back in plain text (or it's original format) again.
Your browser will stop this and/or give an insecure warning and a padlock symbol for your HTTPS connection.
HTTPS indicates the site is secure, which gives certain guarantees to the visitor - namely that the site is for the given domain (authentication), that it's not been intercepted and changed (integrity) and that no one else is able to listen in to your messages to and from the server (confidentiality).
When you add an insecure resource like an api call, those guarantees are no longer there and so the browser will give a "insecure" warning, typically with a yellow warning padlock (instead of green) and/or a pop up.
Browsers used to differentiate between inactive content (e.g. images) - which were seen as less of a risk and so allowed, and active content (e.g. JavaScript) - which were potentially dangerous and so not allowed, however don't think they do any more. Even if they did Ajax XHR calls are definitely in the latter category.
Best option is to proxy pass the request through your main site domain through Nginx (e.g. forward requests to https://example.com/api from Nginx to your api using Nginx config).
i have php proxy script which uses file_get_contents to get web sites and outputs it ...
everything is working as long as web sites are static, but as long as i use some sites that uses ajax requests to update it's content, lik twitter, 9gag, youtube ... new content doesn't get added
i get this error in console:
XMLHttpRequest cannot load http://9gag.com/new/json?list=hot&id=6408098. Origin is not allowed by Access-Control-Allow-Origin.
since 9gag site is now my local site served by my local proxy it can't access new content from original 9gag site, which this is cross domain issue ....
so my question is how do i take ajax requests and put them through my local proxy server?
This is a security feature. It is made to prevent such requests that you are trying to do. As I can see, you have only two possibilities:
Add site to hosts file to forward it to your proxy. It this way you have to ensure that your proxy responds correctly this way. But I don't know if there are some other checks browser-side except checking the domain. If only domain taken into account, everything will be ok.
Set OS to use your proxy site as a system proxy. This way you should make it to respond as a regular proxy server.
P.S. May be it is better to use some ready-to-use transparent proxy utility?
When using PHP I can use file_get_contents or cURL to get a URL.
jQuery runs on the client
In jQuery there is a function called jQuery.getJSON(). Javascript is run on the client. What server is used for the download of the JSON code of the external URL? What information does the called URL know about? Does it know of the domain? The IP of the client user? It's a client language.
Prefered for many request
To make many requests, is it safer to do this with Javascript than PHP because it runs on the every client instead of one server point?
What server is used for the download of the JSON code of the external URL?
The one that the domain name in the URL passed to that function resolves to.
What information does the called URL know about?
It is an HTTP request, like any other. The usual information will be available.
Does it know of the domain? The IP of the client user?
Of course.
It's a client language.
… making an HTTP request.
To make many requests, is it safer to do this with Javascript than PHP because it runs on the every client instead of one server point?
You control the server. You don't control the client. JavaScript can be disabled. It is safer to make the request from your server.
(For a value of "safe" equal to "Less likely to fail assuming the service you are using doesn't impose rate limiting")
Because of the Same Origin Policy all requests made in JavaScript must go to the domain from which the document was loaded. It's a standard HTTP request, so the server will have the same information it would if a user was just navigating around (including cookies, etc.) From the phrasing of your question it appears you need to make requests to some external site, in which case making those requests from your server which is not subject to such a security policy would likely be best.
In jQuery there is a function called jQuery.getJSON(). Javascript is
run on the client. What server is used for the download of the JSON
code of the external URL? What information does the called URL know
about? Does it know of the domain? The IP of the client user? It's a
client language.
The code that runs your web browser is only on your PC, too, yet it is perfectly capable of retrieving content via the HTTP protocol from a web server, and has done so for several decades.
AJAX requests are no different. jQuery creates an XMLHttpRequest object that performs an HTTP request in a manner uncoupled from the general page context. As far as the server's concerned, it's just an HTTP request like any other.
The text contents of the result you get back happen to be written in JSON format, but the HTTP layer neither knows nor cares about that.