I'm investigating the use of http-proxy-middleware / node-http-proxy as a reverse proxy. Does anyone know if this is really possible?
I've already setup http-proxy-middleware so that I can proxy a request through it (the results are displayed in an iframe), and I'm also able to modify the request headers and html results. Specifically, I'm setting the host/origin headers and rewriting the result to change embedded links so that they go through the proxy as well.
But, some links are generated by js, and rewriting javascript responses seems to be very difficult to do correctly.
Is there a way to do this without rewriting links? I.e., is there any method to configure the iframe to automatically send all requests through the proxy?
Or maybe this is not really possible, and I'd need to use a full proxy like Squid?
Thanks!
This does seem to be possible, to a limited extent. http-proxy-middleware can be configured to edit response headers and to also rewrite the response body, so that links can be rewritten to use the proxy URL. XmlHttpRequest and fetch() requests can also be intercepted to rewrite the requests to use the proxy URL.
Use of a reverse proxy should be 100% transparent to clients and your application code, with zero code changes. So perhaps it is a design problem where I can clarify requirements for you.
URL DESIGN
As an API example, I might design URLs as follows for an API:
Public URL: https://api.mycompany.com/products
Internal URL: https://productservice.internal.com:3000
Note that the public URL of the API is actually that of a route within the reverse proxy.
An internet client would only ever use the public URL. If the internal API ever returns URLs to internet clients, it needs to be configured to use the public URL.
REVERSE PROXIES
The most mature options are probably the nginx based ones, which provide both declarative routing and also the ability to write any logic you like via plugins. There are plenty of examples in Curity guides, which may make you aware of some use cases
A mainstream option is to use the proxy-pass directive to route to an internal URL. The same pattern should work for the node RP you mention, though for simple tasks no custom logic should be needed.
Header configuration is a common thing to do in the RP, eg to ensure that the component receives the original client's IP address, rather than that of the RP, but that is often optional.
MISBEHAVING BACKEND COMPONENT
Perhaps this is the root of the problem - if a website returns the internal URL, eg in redirects or image URLs, then it is wrong. Many tech stacks will have a property such as BaseUrl that fixes this.
I have an app (similar to the Employee Directory example) that pulls down a JSON file from the client's server on a daily basis (Business Continuity info that rarely changes).
Currently I have the URL as a variable in my globals.js which points to their internal web server.
They now want to make the URL variable point to a URL which is in fact a URL redirect. The redirect will be dynamic (well, sort of) that will point to where the file resides.
The "autoRedirect" property does not seem to be working for this on either the iOS or Android builds.
Does anyone have any ideas as to how I can do this?
Could it be that the redirects switches protocol? Like from http to https or visa versa? Because that might indeed not work as its considered bad practice.
If not, then it it looks like you've found a bug. Please check if this is a known issue at the Appcelerator JIRA. If it's not, create a ticket, link to this question but also provide reproducible code, steps and environment information in the ticket itself. Don't forget to drop a link to the ticket here so that others can watch it with you.
we developed an application in java with springs in back end and j query in front end for a client and is working fine in our local, but when moved to customer side testing environment they are facing a security risk warning in Internet explorer. it says that "this page contains information that is not under its control. This poses a security risk. Do you want to continue?"
but in our local environment we never faced such issue.
the application has lot of AJAX calls going on each and every page to load data, and not in all pages the error is coming.. only in some pages the error is coming for the customer.
we need to re create the issue in our local in order to analyze the root cause and fix.
can anyone here help me how to re create the cross domain problem in local.
The problem comes when your web is under hpps (https url) but the browser is calling http for load part of the content (ajax, images, etc.). All references in your page should be to https for avoid the alert in IE. I am afraid there is no other way. Relatives urls will avoid you change from http to https from one environment to another.
This seems like a simple question, but I just can't seem to wrap my head around it...
I have a simple html page. All that html page does is looks to see whether a browser cookie is present, and if it is, it will write a message that says "Found the cookie".
In order for this html page to work, it needs to be opened in a browser using a url that uses a specific domain "mytestsite.org" in the path in order to work. So I want to be able to open that page in a browser using a url like "www.mytestsite.org/mytestpage.html". Easy enough...
When I use this test page locally, I just deploy it to a local JBoss server, then make a mapping in my "hosts" file (I'm on Windows XP), that maps my local IP to "local.mytestsite.org". This tricks the browser into thinking that it is actually getting the page from "mytestsite.org", when it is actually being served by my local JBoss server.
I want to give this html file to another person who is going to use it on their pc. However, they don't have any sort of http server installed, so the little host mapping trick won't work. I don't want to make them go through the trouble of installing a server just to get this test page to work. Additionally, I can't physically put this file on "mytestsite.org".
Any thoughts on how I could open this page through a "mytestsite.org" url through a browser, without actually having it deployed to a server?
Is your test machine with JBoss installed accessible from the Internet? If so, you may ask the other person to add a mapping to their hosts file, that maps local.mytextsite.org to the public IP of your test machine.
When I look at Amazon.com and I see their URL for pages, it does not have .htm, .html or .php at the end of the URL.
It is like:
http://www.amazon.com/books-used-books-textbooks/b/ref=topnav_storetab_b?ie=UTF8&node=283155
Why and how? What kind of extension is that?
Your browser doesn't care about the extension of the file, only the content type that the server reports. (Well, unless you use IE because at Microsoft they think they know more about what you're serving up than you do). If your server reports that the content being served up is Content-Type: text/html, then your browser is supposed to treat it like it's HTML no matter what the file name is.
Typically, it's implemented using a URL rewriting scheme of some description. The basic notion is that the web should be moving to addressing resources with proper URIs, not classic old URLs which leak implementation detail, and which are vulnerable to future changes as a result.
A thorough discussion of the topic can be found in Tim Berners-Lee's article Cool URIs Don't Change, which argues in favour of reducing the irrelevant cruft in URIs as a means of helping to avoid the problems that occur when implementations do change, and when resources do move to a different URL. The article itself contains good general advice on planning out a URI scheme, and is well worth a read.
More specifically than most of these answers:
Web content doesn't use the file extension to determine what kind of file is being served (unless you're Internet Explorer). Instead, they use the Content-type HTTP header, which is sent down the wire before the content of the image, HTML page, download, or whatever. For example:
Content-type: text/html
denotes that the page you are viewing should be interpreted as HTML, and
Content-type: image/png
denotes that the page is a PNG image.
Web servers often use the file extension if the file is served directly from disk to determine what Content-type to assign, but web applications can also generate pages with any Content-type they like in response to a request. No matter the filename's structure or extension, so long as the actual content of the page matches with the declared Content-type, the data renders as intended.
For websites that use Apache, they are probably using mod_rewrite that enables them to rewrite URLS (and make them more user and SEO friendly)
You can read more here http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
and here http://www.sitepoint.com/article/apache-mod_rewrite-examples/
EDIT: There are rewriting modules for IIS as well.
Traditionally the file extension represents the file that is being served.
For example
http://someserver/somepath/image.jpg
Later that same approach was used to allow a script process the parameter
http://somerverser/somepath/script.php?param=1234&other=7890
In this case the file was a php script that process the "request" and presented a dinamically created file.
Nowadays, the applications are much more complex than that ( namely amazon that you metioned )
Then there is no a single script that handles the request ( but a much more complex app wit several files/methods/functions/object etc ) , and the url is more like the entry point for a web application ( it may have an script behind but that another thing ) so now web apps like amazon, and yes stackoverflow don't show an file in the URL but anything comming is processed by the app in the server side.
websites urls without file extension?
Here I questions represents the webapp and 322747 the parameter
I hope this little explanation helps you to understand better all the other answers.
Well how about a having an index.html file in the directory and then you type the path into the browser? I see that my Firefox and IE7 both put the trailing slash in automatically, I don't have to type it. This is more suited to people like me that do not think every single url on earth should invoke php, perl, cgi and 10,000 other applications just in order to sent a few kilobytes of data.
A lot of people are using an more "RESTful" type architecture... or at least, REST-looking URLs.
This site (StackOverflow) dosn't show a file extension... it's using ASP.NET MVC.
Depending on the settings of your server you can use (or not) any extension you want. You could even set extensions to be ".JamesRocks" but it won't be very helpful :)
Anyways just in case you're new to web programming all that gibberish on the end there are arguments to a GET operation, and not the page's extension.
A number of posts have mentioned this, and I'll weigh in. It absolutely is a URL rewriting system, and a number of platforms have ways to implement this.
I've worked for a few larger ecommerce sites, and it is now a very important part of the web presence, and offers a number of advantages.
I would recommend taking the technology you want to work with, and researching samples of the URL rewriting mechanism for that platform. For .NET, for example, there google 'asp.net url rewriting' or use an add-on framework like MVC, which does this functionality out of the box.
In Django (a web application framework for python), you design the URLs yourself, independent of any file name, or even any path on the server for that matter.
You just say something like "I want /news/<number>/ urls to be handled by this function"