1 Integration Points: Gateways, Tunnels, and Relays Herng-Yow Chen.



Outline

How gateways interface HTTP with other protocols and applications

How application interfaces allow different types of web applications to communicate with one another

How tunnels let you send non-HTTP traffic over HTTP connections

How relays, a type of simplified HTTP proxy, are used to forward data one hop at a time


Why Gateways?

[Figure labels: client; www.joes-hardware.com; gateway; database]

Client is requesting: http://www.joes-hardware.com/query-db.cgi?newproducts

Request message:

GET /query-db.cgi?newproducts HTTP/1.1
Host: WWW.joes-hardware.com
Accept: *

Response message:

HTTP/1.0 200 OK

NEW product list:


Different types of Gateways

[Figure: three gateway configurations]

(a) HTTP/FTP server-side FTP gateway: HTTP client, gateway, server; links labelled HTTP and FTP

(b) HTTPS/HTTP client-side security gateway: HTTPS client, gateway, server; links labelled SSL and HTTP

(c) HTTP/CGI server-side application gateway: HTTP client, application server gateway, program; links labelled HTTP and CGI (or other API)


Protocol Gateways

[Figure: (a) MSIE manual proxy settings; (b) Navigator manual proxy settings]


HTTP/*: Server-Side Web Gateways

[Figure labels: HTTP client; HTTP/FTP gateway (gw1.joes-hardware.com), port 8080; FTP server (ftp.irs.gov); web server (www.cnn.com); links labelled HTTP and FTP]

Request for an FTP URL:

GET ftp://ftp.irs.gov/pub/00-index.txt HTTP/1.0
Host: ftp.irs.gov
User-agent: SuperBrowser 4.2

Request for an HTTP URL:

GET http://www.cnn.com/ HTTP/1.0
Host: www.cnn.com
User-agent: SuperBrowser 4.2


HTTP/*: Server-Side Web Gateways

[Figure labels: HTTP client; HTTP/FTP inbound conversion gateway; FTP server, port 21; FTP control connection; FTP data connection; inbound]

HTTP request sent to the gateway:

GET ftp://ftp.irs.gov/pub/00-index.txt HTTP/1.0
Host: ftp.irs.gov
User-agent: SuperBrowser 4.2

FTP control connection:

USER anonymous
PASS joe
CWD /pub
TYPE A
MDTM 00-index.txt
PASV
RETR 00-index.txt

FTP data connection:

…data…
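The translation drawn on the FTP gateway slide above, as an added example that is not part of the original slides: it maps the HTTP request line to the slide's FTP command sequence (RETR being the FTP retrieve command) and refuses paths whose percent-decoded form contains CR, LF or NUL, since those would end one control-connection command and begin another. The function name and the default password argument are assumptions made for this sketch.

```python
import posixpath
from urllib.parse import urlsplit, unquote

def ftp_commands_for(request_line, password="joe"):
    """Translate 'GET ftp://host/dir/file HTTP/1.0' into (host, port, commands)."""
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError("this gateway only translates GET")
    url = urlsplit(target)
    if url.scheme != "ftp" or not url.hostname:
        raise ValueError("not an ftp:// URL")
    # Decode first, then validate: %0d%0a only becomes CR LF after unquoting.
    path = unquote(url.path)
    if any(ch in path for ch in "\r\n\x00"):
        raise ValueError("control character in FTP path")
    directory, filename = posixpath.split(path)
    if not filename:
        raise ValueError("URL does not name a file")
    commands = [
        "USER anonymous",
        f"PASS {password}",
        f"CWD {directory}",
        "TYPE A",
        f"MDTM {filename}",
        "PASV",
        f"RETR {filename}",
    ]
    return url.hostname, url.port or 21, commands
```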


HTTP/HTTPS: Server-Side Security Gateways

[Figure labels: HTTP client; HTTP; HTTP/HTTPS inbound security gateway; port 443, HTTP over SSL (HTTPS); secure web server]

HTTP:

GET http://www.cnn.com/ HTTP/1.0
Host: www.cnn.com
User-agent: SuperBrowser 4.2

HTTP over SSL (HTTPS):

Mdsnrt734tngfd/pofgdaoij.lod8skd90827/;lksdjs#@#(@#……


HTTP/HTTPS: Client-Side Security Accelerator Gateways

[Figure labels: browser; HTTP/HTTPS security accelerator gateway; HTTP over SSL (HTTPS); HTTP; www.cnn.com; protected internal LAN]

HTTP over SSL (HTTPS):

Mdsnrt734tngfd/pofgdaoij.lod8skd90827/;lksdjs#@#(@#……

HTTP:

GET http://www.cnn.com/ HTTP/1.0
Host: www.cnn.com
User-agent: SuperBrowser 4.2


Resource Gateways

[Figure labels: Client A and Client B, each connected over HTTP; application server with a web camera API and an e-commerce API; camera device and software; e-commerce application]


Common Gateway Interface

The first popular API for application gateways was the Common Gateway Interface (CGI).

It is a standardized set of interfaces that web servers use to launch programs in response to HTTP requests for special URLs, collect the program output, and send the output back in an HTTP response.

Over the past years, commercial web servers have provided more sophisticated, efficient interfaces for the same purpose.


CGI

Was the first and probably still is the most widely used server extension.

Applications: dynamic HTML output, credit card processing, database queries

Can be implemented in almost any language, including Perl, Tcl, C, and various shell languages.

Because of its simplicity, almost all HTTP servers support CGI.


Server gateway application mechanics

[Figure, server internal view: on the server system, the server process receives Request 1, Request 2, … Request N and returns Response 1, Response 2, … Response N; request data and response data pass between the server process and spawned gateway processes #1, #2, … #N]


CGI is wonderful?

Yes! It provides a simple, functional form of glue between servers and many types of resources. The interface is also elegant in protecting the server from buggy extensions.

No! This separation incurs a cost in performance. The overhead of spawning a new process for every CGI request is high, limiting the performance of the server.

A newer form of CGI: FastCGI (runs as a persistent daemon).
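The CGI mechanics from the preceding slides, as an added example that is not part of the original slides: one process is spawned per request, the request reaches it through environment variables, and its output becomes the HTTP response. The inline program is a constructed stand-in for query-db.cgi, and the `run_cgi` name and the short list of inherited environment variables are assumptions of this sketch.

```python
import os
import subprocess
import sys

# Constructed stand-in for query-db.cgi. A CGI program reads the request
# from environment variables and writes headers, a blank line, then the body.
CGI_PROGRAM = r'''
import os
print("Content-Type: text/plain")
print()
print("query=" + os.environ["QUERY_STRING"])
'''

def run_cgi(method, script_name, query, program=CGI_PROGRAM):
    """Serve one request the CGI way: spawn, collect output, build a response."""
    # Pass only what the child needs to start, plus the CGI variables.
    env = {k: os.environ[k] for k in ("PATH", "SYSTEMROOT", "LD_LIBRARY_PATH")
           if k in os.environ}
    env.update({
        "GATEWAY_INTERFACE": "CGI/1.1",
        "SERVER_PROTOCOL": "HTTP/1.0",
        "REQUEST_METHOD": method,
        "SCRIPT_NAME": script_name,
        "QUERY_STRING": query,
    })
    # Argument list, no shell: the query string stays data, never a command.
    proc = subprocess.run([sys.executable, "-c", program], env=env,
                          capture_output=True, timeout=30)
    if proc.returncode != 0:
        # A crashed extension costs one response, not the server process.
        return b"HTTP/1.0 500 Internal Server Error\r\n\r\n"
    head, _, body = proc.stdout.replace(b"\r\n", b"\n").partition(b"\n\n")
    headers = b"\r\n".join(head.split(b"\n"))
    return b"HTTP/1.0 200 OK\r\n" + headers + b"\r\n\r\n" + body
```

Every call pays for a fresh interpreter start, which is the per-request overhead the slide describes.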


Server Extension APIs

Allow programmers to graft their own code onto the server, or completely swap out a component of the server and replace it with their own.

Most popular servers provide one or more extension APIs for developers.

Most of them are specific to the server type, because their functions are tied to the server architecture.

For example, Microsoft's FrontPage Server Extensions (FPSE), which interpret RPC commands sent by FrontPage clients. Those commands are piggybacked on HTTP (specifically, on the POST method).


Tunnels

Enable access to applications that speak non-HTTP protocols through HTTP applications.

Web tunnels are established using HTTP's CONNECT method, which is not part of the core HTTP/1.1 but is a widely implemented extension.
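How a gateway might vet a CONNECT request before opening a tunnel, as an added example that is not part of the original slides: because a tunnel carries bytes the gateway cannot inspect, the destination is the one thing it can check. The port allow-list, the function names and the reply reason phrases are assumptions of this sketch.

```python
ALLOWED_PORTS = {443}  # assumed gateway policy, not taken from the slides

def parse_connect(request_head: bytes):
    """Return (host, port) for a CONNECT request the policy accepts."""
    request_line = request_head.split(b"\r\n", 1)[0]
    try:
        method, target, version = request_line.decode("ascii").split(" ")
    except ValueError:  # wrong field count, or non-ASCII bytes
        raise ValueError("malformed request line") from None
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        raise ValueError("not an HTTP/1.x CONNECT request")
    # CONNECT names its destination as host:port, not as a URL.
    host, sep, port_text = target.rpartition(":")
    if not sep or not host or not port_text.isdigit():
        raise ValueError("CONNECT target must be host:port")
    port = int(port_text)
    if port not in ALLOWED_PORTS:
        raise PermissionError(f"tunnels to port {port} are not allowed")
    return host, port

def tunnel_reply(request_head: bytes) -> bytes:
    """Status line the gateway sends before any tunnelled byte flows."""
    try:
        parse_connect(request_head)
    except PermissionError:
        return b"HTTP/1.0 403 Forbidden\r\n\r\n"
    except ValueError:
        return b"HTTP/1.0 400 Bad Request\r\n\r\n"
    return b"HTTP/1.0 200 Connection established\r\n\r\n"
```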


Using CONNECT to establish an SSL tunnel


Tunnels let non-HTTP traffic flow through HTTP connections


SSL Tunneling


Tunnel Authentication


Relays

[Figure labels: client; blind relay; server]

(a) Connection: Keep-Alive

(b) Connection: Keep-Alive

(b) Server won't close connection when done because it thinks it has been asked to speak keep-alive

(c) Connection: Keep-Alive

(d) Connection: Keep-Alive

(c) Relay waits for connection to close, ignoring any new requests on the connection

(e) Next request

(f) Client's second request on the keep-alive connection just hangs because the relay never processes it
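The keep-alive hang on the relay slide above, set beside the handling that avoids it, as an added example that is not part of the original slides. It goes one step beyond the slide, which shows only the failure: an intermediary that removes the hop-by-hop headers listed in RFC 2616 section 13.5.1, and any header named in Connection, never passes the keep-alive request on. The sample headers and all function names are constructed for this sketch.

```python
# Hop-by-hop headers listed in RFC 2616 section 13.5.1; a proxy must not
# forward them, nor any header named as a token in Connection.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailers",
              "transfer-encoding", "upgrade"}

# Constructed request headers, matching step (a) of the slide.
CLIENT_HEADERS = [("Host", "www.joes-hardware.com"),
                  ("Connection", "Keep-Alive"),
                  ("Keep-Alive", "timeout=5")]

def blind_relay(headers):
    """The slide's relay: copies every header to the next hop unchanged."""
    return list(headers)

def header_aware_proxy(headers):
    """Drop hop-by-hop headers before forwarding to the next hop."""
    named = set()
    for name, value in headers:
        if name.lower() == "connection":
            named.update(t.strip().lower() for t in value.split(",") if t.strip())
    drop = HOP_BY_HOP | named
    return [(n, v) for n, v in headers if n.lower() not in drop]

def server_holds_connection_open(forwarded):
    """An HTTP/1.0 server keeps the connection open only when asked to."""
    return any(n.lower() == "connection" and "keep-alive" in v.lower()
               for n, v in forwarded)

def second_request_hangs(intermediary):
    """True when the slide's later steps play out: the server never closes,
    so an intermediary waiting for the close never reads request two."""
    return server_holds_connection_open(intermediary(CLIENT_HEADERS))
```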


For More Information

http://www.w3.org/Protocols/rfc2616/rfc2616.txt
RFC 2616, "Hypertext Transfer Protocol," by R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee

Web Proxy Servers, Ari Luotonen, Prentice Hall Computer Books.

http://www.alternic.org/drafts/drafts-l-m/draft-luotonen-web-proxy-tunneling-01.txt
"Tunneling TCP based protocols through Web proxy servers"

http://cgi-spec.golux.com
The Common Gateway Interface-RFC Project Page


For More Information

http://www.w3.org/TR/2001/WD-soap12-part0-20011217/
W3C-SOAP Version 1.2 Working Draft

Programming Web Services with SOAP, James Snell, Doug Tidwell, and Pavel Kulchenko, O'Reilly & Associates, Inc.

http://www.w3.org/TR/2002/WD-wsa-reqs-20020429
W3C-Web Services Architecture Requirements

Web Services Essentials, Ethan Cerami, O'Reilly & Associates, Inc.