Wednesday Nov 05, 2008

How to log Host header in web 6.1SPx

If you need the Host header of incoming requests logged in the web server 6.1SPx access log, you can try the following:


In magnus.conf, add %Req->headers.host% as the last field of format.access, as below:

Init fn="flex-init" access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length% %vsid%  %Req->headers.host% "


then it will log the host header of the incoming request, e.g.


apple:/export/home/iws6.1sp10> telnet localhost 60103
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /banner.html HTTP/1.1
Host: dummytest  (note this)

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 05 Nov 2008 10:45:37 GMT
Content-length: 1827
Content-type: text/html
Last-modified: Mon, 29 Sep 2008 08:37:07 GMT
Etag: "723-48e093b3"
Accept-ranges: bytes
...........


 The log will show,


127.0.0.1 - - [05/Nov/2008:18:45:37 +0800] "GET /banner.html HTTP/1.1" 200 1827 https-sess  dummytest

You can see the Host: dummytest  in the last column above.
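Once the Host column is in the access log it can be reviewed automatically. The following is an added example, not part of the original post: it parses lines in the format.access layout shown above and flags Host values the server is not expected to answer for. EXPECTED_HOSTS, the sample lines after the first, and the "-" placeholder for a missing header are assumptions.

```python
import re

# Field order of the format.access line above:
# ip - auth-user [SYSDATE] "clf-request" status content-length vsid  host
# The request match is non-greedy so the client-supplied Host field keeps
# everything after the first complete match of the fixed fields.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}|-) (?P<length>\d+|-) '
    r'(?P<vsid>\S+)\s+(?P<host>.*?)\s*$'
)

# Assumption: names this server instance is expected to be addressed by.
EXPECTED_HOSTS = {"apple", "apple.asia.sun.com", "localhost"}

# First line is the one from the post; the rest are constructed samples.
SAMPLE = [
    '127.0.0.1 - - [05/Nov/2008:18:45:37 +0800] "GET /banner.html HTTP/1.1" 200 1827 https-sess  dummytest',
    '127.0.0.1 - - [05/Nov/2008:18:46:02 +0800] "GET / HTTP/1.1" 200 447 https-sess  apple:60103',
    '127.0.0.1 - - [05/Nov/2008:18:46:10 +0800] "GET / HTTP/1.0" 200 447 https-sess  -',
    '127.0.0.1 - - [05/Nov/2008:18:46:15 +0800] "GET / HTTP/1.1" 200 447 https-sess  apple trailing-junk',
]

def classify_host(host):
    """Return 'missing', 'expected' or 'unexpected' for a logged Host value."""
    if host in ("", "-"):          # assumption: how an absent header is logged
        return "missing"
    name = host.lower()
    if not name.startswith("["):   # leave bracketed IPv6 literals untouched
        name = name.rsplit(":", 1)[0]   # drop an optional :port
    name = name.rstrip(".")
    return "expected" if name in EXPECTED_HOSTS else "unexpected"

def flag_unexpected(lines):
    """Return (line number, verdict, value) for every line worth a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m is None:
            findings.append((n, "unparsed", line.strip()))
            continue
        verdict = classify_host(m.group("host"))
        if verdict != "expected":
            findings.append((n, verdict, m.group("host")))
    return findings

if __name__ == "__main__":
    for finding in flag_unexpected(SAMPLE):
        print(finding)
```

The Host value is supplied by the client, so anything that is not an exact expected name, including values with embedded spaces, is reported rather than normalised.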


See more at
http://docs.sun.com/app/docs/doc/820-1639/6nda10e4a?l=ja&a=view


e.g. add Req->headers.cookie.cookie_name for Easy Cookie Logging

Thursday Jul 10, 2008

NSAPI code to add Expires header in web 6.1SP9

Guy asked about how to add an Expires header with "access plus 1 day" in my post yesterday, see more at


http://blogs.sun.com/walter/entry/how_to_add_expires_header#comments


I pointed him to


http://forum.java.sun.com/thread.jspa?threadID=5019803&messageID=9052343#9052343


and I tested it and it works OK, so I would like to share it with all of you.


You can download the ready to use expire.so and its source at


http://blogs.sun.com/walter/resource/code/expire.c


(source code) 


and ready to go .so at


http://blogs.sun.com/walter/resource/code/expire.so


(Solaris NSAPI plugin .so) 


You will also see the steps to build a NSAPI plugin below.


1. I copied the source code at


http://forum.java.sun.com/thread.jspa?threadID=5019803&messageID=9052343#9052343



into my web 6.1SP9 example NSAPI plugin directory,


apple:/export/home/iws6.1sp9/plugins/nsapi/examples>


-rw-rw-rw-   1 root     other       2862 Jul 10 13:53 expire.c


2. I made some changes to the code,


( you can see the complete code at


http://blogs.sun.com/walter/resource/code/expire.c )


a. add the needed header,


apple:/export/home/iws6.1sp9/plugins/nsapi/examples> cat expire.c

#ifdef XP_WIN32
#define NSAPI_PUBLIC __declspec(dllexport)
#else /* !XP_WIN32 */
#define NSAPI_PUBLIC
#endif /* !XP_WIN32 */

#include "nsapi.h"


NSAPI_PUBLIC int expire(pblock *pb, Session *sn, Request *rq)
{
.......


b. you can also see I changed the function name above from



kpn_set_cacheable

to

expire

because at first, I got an error earlier when I used this function name,

Service fn="kpn-set-cacheable" max-age="15724800"

because it should use underscores as below, instead of the hyphens above.

int kpn_set_cacheable(pblock *pb, Session *sn, Request *rq)

So, when I tried this earlier, I got this error ,

[10/Jul/2008:13:55:14] config (11680): for host 129.150.154.110 trying to

GET /images/, func_exec reports: HTTP2122: cannot find function named kpn-set-cacheable

So, I changed the function name to expire to avoid any such error as above.

3. then I changed the Makefile there,

You can see my Makefile at

http://blogs.sun.com/walter/resource/code/Makefile 

4. then

apple:/export/home/iws6.1sp9/plugins/nsapi/examples> touch expire.c
apple:/export/home/iws6.1sp9/plugins/nsapi/examples> make
cc -DNET_SSL -DSOLARIS -D_REENTRANT -DMCC_HTTPD -DXP_UNIX -DSPAPI20 -I../../include -I../../include/base -I../../include/frame -I../../include/nspr -I/usr/include/mps -c expire.c
make prepare
ld -G expire.o -o expire.so

apple:/export/home/iws6.1sp9/plugins/nsapi/examples> ls -lrt

-rw-rw-rw- 1 root other 2862 Jul 10 14:43 expire.c
-rwxrwxrwx 1 root other 5748 Jul 10 14:43 expire.so
-rw-rw-rw- 1 root other 4536 Jul 10 14:43 expire.o

5. then add this into the end of magnus.conf,

Init fn="load-modules" shlib="/export/home/iws6.1sp9/plugins/nsapi/examples/expire.so" funcs="expire"

(all in 1 line above)

6. added this into the end of obj.conf,


<Object ppath="/export/home/iws6.1sp9/docs/images/*">
Service fn="expire" max-age="86400"
Service method="(GET|HEAD)" type="~magnus-internal/" fn="send-file" nocache=""
</Object>

(note - 1 day = 24 hr * 60 min * 60 sec = 86400 )

7. then restart,

apple:/export/home/iws6.1sp9/https-pblock/config> ../stop; ../start

8. test 1: a file inside /images dir,

apple:/export/home/iws6.1sp9/https-pblock/config> telnet apple.asia 61903
Trying 129.158.175.16...
Connected to apple.asia.sun.com.
Escape character is '^]'.
GET /images/blank.gif HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 10 Jul 2008 06:50:15 GMT *** access time
Content-length: 43
Content-type: image/gif
Cache-control: public
Expires: Fri, 11 Jul 2008 06:50:15 GMT *** +1 day , see this below !
Last-modified: Thu, 10 Jul 2008 04:27:34 GMT
Accept-ranges: bytes
Connection: close

GIF89a... (binary image data)
Connection closed by foreign host.

So, we added the needed access +1 day timestamp into the Expires header above,

  Expires: Fri, 11 Jul 2008 06:50:15 GMT

logs:

129.158.175.16 - - [10/Jul/2008:14:50:15 +0800] "GET /images/blank.gif HTTP/1.0" 200 43

9. test2 : a file outside the /images dir,

apple:/export/home/iws6.1sp9/https-pblock/config> telnet apple.asia 61903
Trying 129.158.175.16...
Connected to apple.asia.sun.com.
Escape character is '^]'.
GET /blank.gif HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 10 Jul 2008 06:55:36 GMT
Content-length: 43
Content-type: image/gif
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Accept-ranges: bytes
Connection: close

GIF89a... (binary image data)
Connection closed by foreign host.

(no such Expires header added as in test 1)




However, this is custom coding and used at your own risk.

(Credits should go to henkfictorie who posted this source code at

http://forum.java.sun.com/thread.jspa?threadID=5019803&messageID=9052343#9052343 )

 





Thursday Jun 12, 2008

How to mask the Server name in Sun Java Web server ?

It is a good security practice to mask the web server name.


In Sun Java Web server 6.1 SPx, you can simply add


ServerString none  


 into magnus.conf file, then restart.


Before the change ,


apple:/export/home/iws6.1sp9> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 Jun 2008 01:33:50 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes


 Then after the change,


apple:/export/home/iws6.1sp9/https-apple.asia.sun.com/config> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Date: Thu, 12 Jun 2008 01:37:25 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes


 (Note: no more Server: Sun-ONE-Web-Server/6.1 in above headers from server.)


------------------------------------------------------------------------------------------------------------------------------------------------------- 


 For 7.0 Ux, you can do it in Admin GUI - Configurations - General - Advanced -HTTP Settings - Server Header:


 e.g. Server Header: none


(Screenshot: Admin GUI to change server name)


then you will see it inside server.xml,


cat server.xml,
..........
  <user>webservd</user>

  <http>
    <server-header>none</server-header>
  </http>

  <snmp>
 ..........


then a restart will do it.


E.g. before the above change in 7.0 Ux,


 apple:/export/home/iws7.0u2/https-migrate-sp2> telnet localhost 7028
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 Jun 2008 01:42:55 GMT
Content-type: text/html
Last-modified: Thu, 13 Jan 2005 02:34:52 GMT
Content-length: 447
Etag: W/"1bf-41e5de4c"


 after the change,


apple:/export/home/iws7.0u2/https-apple.asia.sun.com/config> telnet localhost 7023
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: none
Date: Thu, 12 Jun 2008 02:29:41 GMT
Content-type: text/html
Last-modified: Wed, 28 May 2008 06:31:58 GMT
Content-length: 447
Etag: "1bf-483cfc5e"
Accept-ranges: bytes


Hope the above can help you mask out the default web server name banner.
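The telnet checks in this post and in the Expires post above can be scripted. The following is an added example, not part of the original posts or of the server: it reads a captured response and reports whether the Server banner is absent (6.1 with ServerString none), masked (7.0 sends "Server: none") or disclosed, and whether Expires minus Date equals the configured max-age. The function names are hypothetical, and the sample responses are constructed from the transcripts on this page with the annotations removed.

```python
import email
from email.utils import parsedate_to_datetime

def parse_head(raw):
    """Split a raw HTTP response into (status line, parsed header fields)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status, _, fields = head.partition("\n")
    return status.strip(), email.message_from_string(fields)

def server_banner(msg):
    """Classify the Server header as absent, masked or disclosed."""
    value = msg.get("Server")
    if value is None:
        return ("absent", None)
    if value.strip().lower() in ("", "none"):
        return ("masked", value)
    return ("disclosed", value)

def expires_lifetime(msg):
    """Seconds between Date and Expires; None if either is missing or invalid."""
    if msg["Date"] is None or msg["Expires"] is None:
        return None
    try:
        delta = parsedate_to_datetime(msg["Expires"]) - parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        return None
    return int(delta.total_seconds())

def audit(raw, max_age=None):
    """Report banner state and, if max_age is given, whether Expires matches it."""
    status, msg = parse_head(raw)
    state, value = server_banner(msg)
    lifetime = expires_lifetime(msg)
    return {"status": status, "server": state, "banner": value,
            "lifetime": lifetime,
            "expires_ok": max_age is None or lifetime == max_age}

# Constructed from the transcripts on this page (annotations removed).
EXPIRES_TEST1 = ("HTTP/1.1 200 OK\r\nServer: Sun-ONE-Web-Server/6.1\r\n"
                 "Date: Thu, 10 Jul 2008 06:50:15 GMT\r\nCache-control: public\r\n"
                 "Expires: Fri, 11 Jul 2008 06:50:15 GMT\r\n\r\n")
AFTER_61 = "HTTP/1.1 200 OK\r\nDate: Thu, 12 Jun 2008 01:37:25 GMT\r\n\r\n"
AFTER_70 = ("HTTP/1.1 200 OK\r\nServer: none\r\n"
            "Date: Thu, 12 Jun 2008 02:29:41 GMT\r\n\r\n")

if __name__ == "__main__":
    print(audit(EXPIRES_TEST1, max_age=86400))
    print(audit(AFTER_61), audit(AFTER_70))
```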

About

Wing-Yip Walter Lee
