Wrap external http url into https - http

I have url of some external service I need to integrate our legacy system with.
Our legacy system is using some sort of bridges (pre-defined connectors) to talk with external world.
And currently there is only web connector for https. But that external service is available only through http, i.e. no SSL on that end and we can not do anything about it.
So I'm wondering maybe there is some online service, which could wrap http url into https, some sort of public proxy or whatever, so I could get https url in a few clicks.
For now it's just a proof of concept project, so I'm trying to avoid installing any internal proxy in our network etc. Need just the simplest and the quickest solution, which would give me https url.
Thanks in advance for you help, guys.

Related

Connect to web application protected by GlobalProtect with custom HTTP requests

Our company CRM web application does not have an API and therefore is extremely cumbersome to use when having to upload data as this all has to be done manually and through the GUI. To access this application you need to be identified in GlobalProtect. My idea was to use http requests sent directly to the server to try to circumvent the lack of an API.
However, i have been very unsuccesful as copying http request out of the chrome devtools and changing their payloads using Postman resulst in an ECONN_RESET error. I am no networking expert, but i believe this error has to do with the fact that the application is protected by GLobalProtect and there is more communication necessary with the server to make it accept my modified http requests.
Is there anyone with knowledge about networking and GlobalProtect that could point me in the right direction towards setting up a direct communication with the server? Thanks so much!

Asp.net GenericJsonWebHook behind load balancer

I'm implementing the ASP.Net Webhook (GenericJsonWebhook) code and it does exactly what I want but requires an https connection. The server is in AWS and SSL termination happening at an AWS Load Balancer, with the "inside" connection being http. Anyone know how to override the https requirement other than downloading and altering the webhook source. (Yes, putting a certificate on the webserver is an answer but that's outside of scope at the moment)
thanks
Richard
Found it - Add MS_WebHookDisableHttpsCheck with a value of true to the config file

Turning an AWS server into a proxy server to be used to crawl with Scrapy

I was just wondering if anyone knows how I could configure an Amazon Web Services server to be used by a Scrapy crawler as a proxy server? I don't want to get blacklisted by the websites I am crawling so I need to use proxy servers. I just am not sure how to turn the AWS server into a proxy server. Thank you!!
The easiest way to proxy your HTTP traffic through an EC2 instance, although not as safe as using TOR or an anonymous vpn, is to use tinyproxy. You can find a walkthrough here.
Note that scraping in such a way as to violate a website's terms of use or otherwise impact the functionality of their site can be a legal liability if you intentionally violate those terms as per Trespass to chattels.
Keep in mind that you pay for the traffic and that after too many recurring request from the same IP that IP will be banned.

Should I always use a reverse proxy for a web app?

I'm writing a web app in Go. Currently I have a layout that looks like this:
[CloudFlare] --> [Nginx] --> [Program]
Nginx does the following:
Performs some redirects (i.e. www.domain.tld --> domain.tld)
Adds headers such as X-Frame-Options.
Handles static images.
Writes access.log.
In the past I would use Nginx as it performed SSL termination and some other tasks. Since that's now handled by CloudFlare, all it does, essentially, is static images. Given that Go has a built in HTTP FileServer and CloudFlare could take over handling static images for me, I started to wonder why Nginx is in-front in the first place.
Is it considered a bad idea to put nothing in-front?
In your case, you can possibly get away with not running nginx, but I wouldn't recommend it.
However, as I touched on in this answer there's still a lot it can do that you'll need to "reinvent" in Go.
Content-Security headers
SSL (is the connection between CloudFlare and you insecure if they are terminating SSL?)
SSL session caching & HSTS
Client body limits and header buffers
5xx error pages and maintenance pages when you're restarting your Go application
"Free" logging (unless you want to write all that in your Go app)
gzip (again, unless you want to implement that in your Go app)
Running Go standalone makes sense if you are running an internal web service or something lightweight, or genuinely don't need the extra features of nginx. If you're building web applications then nginx is going to help abstract "web server" tasks from the application itself.
I wouldn't use nginx at all to be honest, some nice dude tested fast cgi go + nginx and just go standalone library. The results he came up with were quite interesting, the standalone hosting seemed to be much better in handling requests than using it behind nginx, and the final recommendation was that if you don't need specific features of nginx don't use it. full article
You could run it as standalone and if you're using partial/full ssl on your site you could use another go http server to redirect to safe https routes.
Don't use ngnix if you do not need it.
Go does SSL in less lines then you have to write in ngnix configure file.
The only reason is a free logging but I wonder how many lines of code is logging in Go.
There is nice article in Russian about reverse proxy in Go in 200 lines of code.
If Go could be used instead of ngnix then ngnix is not required when you use Go.
You need ngnix if you wish to have several Go processes or Go and PHP on same site.
Or if you use Go and you have some problem when you add ngnix then it fix the problem.

asp:MediaPlayer (Silverlight) Https / http issue

we have a site (https://oursite.net) in which we display a videostream hosted on http (http://someserver.com). The site needs to be hosted on https, and we don't control the video, so I'm assuming it needs to be on http. we recently added the option to play the stream through the silverlight asp:MediaElement, which works perfectly fine in our test environment (on http) but doesn't work in production (https).
The info on the web is somewhat confusing as I'm having a hard time differentiating between how this stuff worked at different stages in the silverlight development (seems to have been a bit to and fro)
Is this setup possible at all (hosting the player on https but playing a stream on http) with some sort of policy file?
in that case: does this policy file need to be hosted with the silverlight app (on https) or where the streams are located (http)
Thanks for your time
Andreas
You are running into a cross-scheme violation unfortunately. The stream would need to match the same scheme (https) as the hosting application. Unfortunately most streaming isn't available in HTTPS.
Can you check the enableHtmlAccess property on the object tag to make sure it is true? Most media players end up using the HTML DOM bridge to communicate with the web page.
It's also likely that there is a cross-scheme issue: you should try and optimize for all assets being on the same scheme (HTTP or HTTPS).

Resources