Title: Integration Points: Gateways, Tunnels, and Relays
1Integration Points Gateways,Tunnels, and Relays
2Outline
- How gateways interface HTTP with other protocols
and applications - How application interfaces allow different types
of web applications to communicate with one
another - How tunnels let you send non-HTTP traffic over
HTTP connections - How relays, a type of simplified HTTP proxy, are
used to forward data one hop at a time
3Why Gateways?
Client is requesting http//www.joes-hardware.com
/query-db.cgi?newproducts
Request message
GET /query-db.cgi?newproducts HTTP/1.1 Host
WWW.joes-hardware.com Accept
Database
Response message
client
HTTP/1.0 200 OK NEW product list
Gateway
www.joes-hardware.com
4Different types of Gateways
(A) HTTP/FTP server-side FTP gateway
HTTP
FTP
Server
HTTP client
Gateway
(b) HTTPS/ HTTP client-side security gateway
HTTP
SSL
Gateway
Server
HTTPS client
CGI(or other API)
(c) HTTP/CGI server-side application gateway
HTTP
App server
Program
HTTP client
Application server gateway
5Protocol Gateways
(b)Navigator manual proxy settings
(a)MSIE manual proxy settings
6HTTP/ Server-Side Web Gateways
GET http//www.cnn.com/ HTTP/1.0 Host
www.cnn.com User-agent SuperBrowser 4.2
HTTP
Web server
(www.cnn.com)
HTTP client
8080
HTTP
FTP
GET ftp//ftp.irs.gov/pub/00-index.txt
HTTP/1.0 Host ftp.irs.gov User-agent
SuperBrowser 4.2
FTP server
HTTP/FTP gateway
(ftp.irs.gov)
(gw1.joes-hardware.com)
7HTTP/ Server-Side Web Gateways
USER anonymous PASS joe CWD /pub TYPE A MDTM
00-index.txt PASV PETR 00-index.txt
GET ftp//ftp.irs.gov/pub/00-index.txt
HTTP/1.0 Host ftp.irs.gov User-agent
SuperBrowser 4.2
Port 21
FTP control connection
HTTP
HTTP client
FTP data connection
HTTP/FTP inbound conversion gateway
data
FTP server
Inbound
8HTTP/HTTPSserver-Side Security Gateways
GET http//www.cnn.com/ HTTP/1.0 Host
www.cnn.com User-agent SuperBrowser 4.2
Mdsnrt734tngfd/pofgdaoij.lod8skd90827/lksdjs_at_(_at_
Port 443
HTTP over SSL(HTTPS)
HTTP
HTTP client
HTTP/HTTPS inbound security gateway
secure web server
9HTTP/HTTPSClient-Side Security Accelerator
Gateways
Protected internal LAN
GET http//www.cnn.com/ HTTP/1.0 Host
www.cnn.com User-agent SuperBrowser 4.2
Mdsnrt734tngfd/pofgdaoij.lod8skd90827/lksdjs_at_(_at_
HTTP over SSL(HTTPS)
HTTP
Browser
HTTP/HTTPS security accelerator gateway
www.cnn.com
10Resource Gateways
Application server
HTTP
Client A
Camera device and software
10110
E-commerce application
HTTP
Client B
11Common Gateway Interface
- The first popular API for application gateways
was the Common Gateway Interface (CGI). - It is a standardized set of interfaces that web
servers use to - launch programs in response to HTTP requests for
special URLs, - collect the program output,
- and send the output back in HTTP response.
- Over the past years, commercial web servers have
provided more sophisticated, efficient interface
for the same purpose.
12CGI
- Was the first and probably still is the most
widely used server extension. - Applications
- Dynamic HTML output,
- Credit card processing,
- Query database
- Can be implemented in almost any language,
including Perl, Tcl, C, and various shell
languages. - Because of its simplicity, almost all HTTP
servers support CGI.
13Server gateway application mechanics
Server internal view
Server process
Request 1
Request Data
Request 2
Request N
Server system
Response 1
Response 2
Response N
Response Data
14CGI is wonderful?
- Yes!
- It provides a simple, functional form of glue
between servers and much type of resource. - The interface also is elegant in protecting the
server from buggy extensions. - NO!
- This separation incurs a cost in performance.
- The overhead to spawn a new process for every CGI
request is high, limiting the performance of
server. - New form of CGI- Fast CGI (run as a persistent
daemon)
15Server Extension APIs
- Allow programmer to graft their own code onto the
server, - Or completely swap out a component of the server
and replace it with their own. - Most popular servers provide one or more
extension APIs for developers. - Most of them are specific to server type, because
of its functions tied to server architecture. - For example, Microsofts Frontpage Server
Extension (FPSE), which interpret RPC command
sent by FrontPage client. Those commands are
piggybacked on HTTP (specifically, on POST
method).
16Tunnels
- Enable access to applications that speak non-HTTP
protocols through HTTP applications. - Web tunnels are established using HTTPs CONNECT
method, which is not part of the core HTTP/1.1,
but it is a widely implemented extension.
17Using CONNECT to establish an SSL tunnel
18Tunnels let non-HTTP traffic flow through HTTP
connections
19SSL Tunneling
20Tunnel Authentication
21Relays
(b) Server wont close connection when done
because It thinks it has been asked to speak
keep-alive
(b) ConnectionKeep Alive
(a)Connectionkeep-Alive
Blind relay
(d) ConnectionKeep Alive
(c) ConnectionKeep Alive
client
(c) Relay waits for connection to close ignoring
any new requests on the connection
server
(e) Next request
(f)Clients second request on the keep-alive
connection just hangs because the relay never
processes it
22For More Information
- http//www.w3.org/Protocols/rfc2616/rfc2616.txt
- RFC 2626 Hypertext Transfer Protocol by R.
Fielding , J. Gettys , J. Mogul,H. Frystyk , L.
Masinter , P. Leach , T. Berners-Lee - Web Proxy Servers
- Ari Luotonen,Prentice Hall Computer Books.
- http//www.alternic.org/drafts/drafts-l-m/draft-lu
otonen-web-proxy-tunneling-01.txt - Tunneling TCP based protocols through Web proxy
servers - http//cgi-spec.golux.com
- The Common Gateway Interface-RFC Project Page
23For More Information
- http//www.w3.org/TR/2001/WD-soap12-part0-20011217
/ - W3C-SOAP Version 1.2 Working Draft
- Programming Web Services with SOAP
- James Snell,Doug Tidwell,and Pavel
Kulchenko,OReilly Associates,Inc - http//www.w3.org/TR/2002/WD-wsa-reqs-20020429
- W3C-Web Services Architecture Requirements
- Web Services Essentials
- Ethan Cermai,OReilly associates,Inc.