ASP.Net reverse proxy, what to do with external resources? - asp.net

I'm currently working on a concept for a reverse proxy to basically relay responses and requests between the user and an otherwise invisible website. So basically the user goes to a site, let's say www.myproxyportal.com, where it is possible to access a website (in an iframe) in the webserver's intranet which isn't made public (for example internal.myproxyportal.com).
I've been working on a solution where I translate request objects to the desired location and return that response to the website. Works great, except for stuff like CSS links, IMG's, etc. I can do the translation of course, but then the link would go to internal.myproxyportal.com/css/style.css and this will never work from the outside.
How to approach such a thing?
Are there any out of the box solutions maybe?
EDIT: I found this, which is very similar to what I have written so far, but it also lacks support for external images, css, javascript, etc.

You can change settings in IIS to route all requests through ASP.NET pipeline, not just .aspx pages. Then simply create an HttpHandler to handle those in your proxy.
By default, IIS doesn't run "static" content requests through ASP.NET engine.

Apache has a pretty slick reverse proxy built-in, I use it extensively.
See more here: http://www.apachetutor.org/admin/reverseproxies

Related

Plone, behaviour of URLs

The situation is the following: I created a site with Plone, developed, used, but behind a test URL. Now it has to be published, but the test URL is not appropriate and I don't want to move the site. I think, if I use a redirect, it won't be appear in the URL-bar, only in the case of site start page. Am I wrong? (The test URL should not be used, because it will be a "semi-official" site.) What do you suggest to do?
As far as I can see Plone uses absolute URLs everywhere. I can add relative URLs, but if I create a new page, a new event, etc., then they have absolute URLs on other automatically generated inner pages. Is there any way to convert these URLs to relative paths? Is there any setting possibilty where only a checkbox changes this default setting?
Plone does not store your URLs in the database. It uses the inbound host header (and any virtual hosting configuration set up with rewrite rules in Apache or Nginx) to calculate the correct absolute URL when rendering the page.
In other words - as soon as you actually point the relevant domain name to the server with your Plone instance, it'll just work.
P.S.
You should put a bit more effort into asking your question. This is just a copy and paste of a half-finished email chain where you tried to get the answer from me in private. It's not very easy to understand what you're asking.
I think what you are looking for is url rewriting to handle virtual hosting. ie to get your site to appear as if it's the root url of a domain.
This is normally done via the webserver that normally sits in front of plone. For apache, here is a howto
http://plone.org/documentation/kb/plone-apache/virtualhost
for other servers
http://plone.org/documentation/manual/plone-community-developer-documentation/hosting
You can also achieve this directly in zope (via ZMI) using something called the Virtual Host
Monster. see http://docs.zope.org/zope2/zope2book/VirtualHosting.html
PS. I don't think your question is badly worded. Plone does serve pages with a "base" tag and what appears to be absolute urls. They aren't baked into the database but it's also not obvious that the solution to getting the url you want is the VHM url syntax and a proxying frontend webserver. There is a reason why it doesn't use relative urls... which I can't remember it was so long ago.

Adobe Flex, loading a remote swf

I have a flex app running on my server.
I have had a request from some clients to have the swf loaded on their server, so that their customers dont have to be transferred to my server to login; i.e. from the user's point of view it looks like they are logging in from theirsite.com instead of mysite.com
I tried something really simple, and that was to give them a html wrapper to host on their site. The only modification that I made was to change the "src" var to:
"src", "https://www.mysite.com/app/myapp.swf"
and
embed src="https://www.mysite.com/app/myapp.swf"
To my surprise, this worked perfectly. And best of all, the service calls still seem to come from mysite.com, so I dont have to bother with modifying the crossdomain.xml file.
All good it seems.
Are there any issues or downsides to the above that I should be aware of?
If you're doing an ExternalInterface calls to JavaScript in the enclosing page, this may cause a security error; since the SWF from your domain shouldn't be able to access HTML content served from your client's domain.
I expect that is a fringe case though. Aside from that, what you're doing is not much different than what YouTube does. I've done the same thing with The Flex Show player. I don't think you'll have any issues. And I do not believe that this approach makes your app any less (or less) secure.

What is the recommended method of HTTP Redirection from multiple URLs to one URL?

I have a website that has a number of URLs that people use to connect to that site (uses the bindings on the IIS website and everything works as intended):
http://www.sample.com
http://sample.com
https://www.sample.com
http://xyz.sample.com
http://oldurl.com
Now what I want to do is have all of the URLs go to https://www.sample.com - so if you type in "http://xyz.sample.com" or "sample.com" you should go to https://www.sample.com
The question is what is the best mechanism to do this? I have one possible solution (which I will put as an answer to this question), but I get the feeling that there might be another, better solution available.
One possible option via IIS settings would be to do the following:
Remove extra site bindings from website (i.e. xyz.sample.com, sample.com, etc...). This should leave just the web url you are trying to get all traffic to flow to (i.e. https://www.sample.com)
Create a second website in IIS
In the second website create bindings that were removed from the original website
In the second website use the HTTP Redirect (option in IIS) to direct all traffic from the second site (where all the alternate urls now reside) to the goal site (https://www.sample.com)
Set up a new website on the new binding https://www.sample.com, and then, on the old website, open the Http Redirect property page and set up your redirect.
That's in IIS Manager.

ASP.NET Friendly URLs

In my research, I found 2 ways to do them.
Both required modifications to the Application_BeginRequest procedure in the Global.Asax, where you would run your code to do the actual URL mapping (mine was with a database view that contained all the friendly URLs and their mapped 'real' URLs). Now the trick is to get your requests run through the .NET engine without an aspx extension. The 2 ways I found are:
Run everything through the .NET engine with a wildcard application extension mapping.
Create a custom aspx error page and tell IIS to send 404's to it.
Now here's my question:
Is there any reason one of these are better to do than the other?
When playing around on my dev server, the first thing I noticed about #1 was it botched frontpage extensions, not a huge deal but that's how I'm used to connecting to my sites. Another issue I have with #1 is that even though my hosting company is lenient with me (as I'm their biggest client) and will consider doing things such as this, they are wary of any security risks it might present.
`#2 works great, but I just have this feeling it's not as efficient as #1. Am I just being delusional?
Thanks
I've used #2 in the past too.
It's more efficient because unlike the wildcard mapping, the ASP.NET engine doesn't need to 'process' requests for all the additional resources like image files, static HTML, CSS, Javascript etc.
Alternatively if you don't mind .aspx extension in your URL's you could use: http://myweb/app/idx.aspx/products/1 - that works fine.
Having said that, the real solution is using IIS 7, where the ASP.NET runtime is a fully fledged part of the IIS HTTP module stack.
If you have the latest version of IIS there is rewrite module for it - see here. If not there are free third party binaries you can use with older IIS (i.e. version 6) - I have used one that reads the rewrite rules from an .ini file and supports regular expression but I cant remember its name sorry (its possibly this). I'd recommend this over cheaping it out with the 404 page.
You have to map all requests through the ASP.NET engine. The way IIS processes requests is by the file extension. By default it only processes the .aspx, .ashx, etc extensions that are meant to only be processed by ASP.NET. The reason is it adds overhead to the processing of the request.
I wrote how to do it with IIS 6 a while back, http://professionalaspnet.com/archive/2007/07/27/Configure-IIS-for-Wildcard-Extensions-in-ASP.NET.aspx.
You are right in doing your mapping from the database. RegEx rewriting, like is used out of the box in MVC. This is because it more or less forces you to put the primary key in the URL and does not have a good way to map characters that are not allowed in URLs, like '.
Did you checked the ASP .Net MVC Framework? Using that framework all your URLs are automatically mapped to Controllers which could perform any desired action (including redirecting to other URLs or controllers). You could also set custom routes with custom parameters. If you don't have seen it yet, maybe it will worth the look.

Non server specific proxy?

I have a widget that is added to random websites. The widget needs to fill an iframe with content. I need the iframe source to be from the same domain as the website it is embedded in.
To do this I want to ask the site owners to put a file in their root folder that will be used as a proxy to my server.
My question is -how can I implement such proxy with static html/js/? file without using a server side scripting?
I'm not really clear how such a proxy would work/help either way. Are you looking for something like <base />?
The only issue with the base element is that it can't be turned off once it's turned on. If the iframe is the last thing on the page, or at least the last thing with either src or href, you could set it just above. But I'm not sure that this will allow js to access the iframe as though it were by proxy.
And again, I'm still not sure how a file on the remote server will make the iframe seem like it's on your domain. And I have serious doubts whether the site owners will extend such a favor, since doing so would allow hackers to use your site as a backdoor into their server.
I'm not sure how browsers/js policy is in terms of redirects and rewrites, but maybe you could go with something like pointing the iframe to your own server, and having that page actually go to their page, either by mod_rewrite or a redirect. Either way would be server side, so maybe that's not an option. I have heard tale of another thing that works, but have yet to see it in action... You have the site owners add a script with:
document.domain = "yourserver.net";
And be sure to set it on your script as well. This makes them play nice, supposedly. But they may not go for that if it breaks their site for other things, unless there is someway their page can tell it's inside of an iframe and can set that property conditionally.
Good luck

Resources