I am building a simple API gateway application in which I am proxying my requests to another service using the Zuul library. Apart from the Zuul library, I am using another library containing a Filter which is being hit before the request being proxied by Zuul and this is causing undesired behaviour.
Is there a way to proxy a request using Zuul before hitting other Filters?
I tried to make use of the pre filter to try to find a way to skip the other library's filter but this still gets executed after the other filter.
Is there a way around this using any configuration from Zuul? The only option which I am thinking of right now is to create a Filter superseding the other library's one in order to bypass the filter or else proxying the request myself without passing through Zuul.
Related
I have an NGINX config in an API gateway repo that handles requests and routes them to back-end microservices.
Currently I have it so users can use REST to easily make requests. The requests get handled and routed to the appropriate microservice with NGINX.
However, the back-end services also have gRPC integrated. Ideally, I want it so that users can pass in REST requests to the API gateway (easier for external clients), and then I can translate the REST (JSON) to gRPC (protobuf) to route the requests with gRPC (faster for internal communication) to the back-ends.
I believe it would require some sort of middleware in the API gateway that intercepts requests, translates them to protobuf, and then routes them with gRPC pass using NGINX. Is there a way to intercept or manipulate incoming requests on the fly with NGINX?
I found this http://web.archive.org/web/20180322022735/https://tarunlalwani.com/post/request-capturing-nginx-lua/
Which essentially logs the requests that come into NGINX. I feel like it may be on the right path, but I would need to manipulate the requests before they are routed. Maybe a separate script called before the proxy path so instead of logging after the request is routed, the request can be changed before?
I want an API-gateway/reverse-proxy to intercept HTTP requests from a third party (which I have no control over aside from a single URL that gets invoked). I need it to intercept requests to do the following;
Extract a value from the body of the HTTP request from the third party
Invoke a synchronous HTTP request to an existing back-end route using the value from #1 as a param
Route the request to one of two different locations based on the response value of #2
Is it possible to do something like this using NGINX or some other open source reverse proxy (e.g. Envoy, HA Proxy, etc)?
I know I can do this using a bespoke back-end application e.g. .NET Core, Java, etc., but I'm hoping I can avoid having to do this. I need the API gw regardless, so hoping to handle all the routing in this layer if possible...
i am taking a course in web data so i understand that when we want to retrive a webpage on a browser we do a request response cycle using a communication protocol like http or https and a web service is a piece of software which i dont know where it is stored or how it is accessed so we can make two applications from different architectures communicate using a serialization language like XML or JSON i dont know what is the difference between a web service and http they are both a way to connect 2 different computers together and what confused me the more is api which according to the research i did is something used to access web services.
Let's begin with defining all the terms in your question since it's a bit all over the place.
HTTP (Hypertext-Transport Protocol): Allows you to transfer data over the web. Your browser will perform a request using HTTP to your web service.
Service: Any software that performs a specific task. We are interested in a web service, which is typically invoked via HTTP, however this can be anything else such as a Linux signal.
For now, let's assume it listens on HTTP.
API (Application Programming Interface): An interface by which all clients of your software have to abide by to use it. For example, in our web service, we can dictate an API so requests follow some convention.
Let's put it all together now.
You're making a website that wants to calculate the sum of two numbers. First, users will go to http://yoursite.com, and then the browser will always do an HTTP request to the domain yoursite.com on port 80. This will hit either your hosting site or some backend server.
Here you have the option if you're using something like GitHub pages to serve static content or you have some server (i.e., serverd) that will load a file and serve it.
So now the web-browser did an HTTP request and your webpage should load with an index.html. The user can now click on buttons, and everything looks good until they press Calculate -- what happens now?
We want to offload the computation to our backend. We perform an HTTP request to our backend server. We can define an API, that is in our case an endpoint, so that the HTTP request can hit it and it'll return the sum of the two numbers.
How do we return the result? We need to represent the data somehow, and this can be done through a body payload that is encoded as either JSON or XML. Again, this is a serialization format and can encode it in various different ways. JSON is nice because you can parse it easily with JavaScript on the client side.
Great -- so now we got an entire site and it works! Now we can do an HTTP request from our browser straight to the backend according to our setup endpoint and it should fulfill our request. Notice how now we're using the API from the backend server from within our site.
Other keywords you can may run into: CORS, AJAX, Apache Server; good luck!
We wish to build a web app that will consume our REST API and looking for a way to circumvent the Same Origin Policy security feature.
We have a REST API which is served from api.ourdomain.com from SERVER_1.
We have a Web App which is server from dashboard.ourdomain.com from SERVER_2.
The Web App communicates with the REST API using ajax calls that include GET, POST, DELETE and PUT requests.
At some point in the future, we might consider allowing 3rd party sites to access the API from their own sites and domains.
Due to the Same Origin Policy security feature of the browsers, these requests are not allowed.
We are looking for ways to circumvent this.
Solutions we have encountered:
Tunneling the requests through our proxy. This will slow down the app and requires more resources.
JSONP - Will only work for GET requests. We do not wish to overload the GET requests with post/put/delete capabilities.
Using an iFrame with document.domain set to the same domain. Will only work for sites under ourdomain.com.
Frameworks such as EasyXDM. Seems like a good solution.
Thank you!
I don't know EasyXDM but I have the same architecture you are talking about in more than one application. We use your suggested solution (1). In my opinion proxying the requests through a common subdomain is the cleanest solution. I don't think that this is a performance problem. Many sites use something like nginx anyway to do some sort of reverse proxy (as cache). You could easily tunneling your API through http://[yourhost]/api and the rest of the HTML, CSS and image resources through other paths.
The question is as simple as the title. I have a webapp (I have no clue as to what technology it was built on or what appserver it is running on). However, I do know that this webapp is being served by an Apache Server/ IIS Server / IBM Http Server. Now, I would like to have a plugin/ module / add-on at the web-server end, which would parse/truncate/cut/regex the http response (based on the requested url's pattern), and mask(encrypt/shuffle/substitute) a set of fields in this response based on different parameters(user's LDAP permissions in the intranet / user's geo-location if on the internet, etc) and send the altered response back to the user.
So, Is there an easy answer to creating such plugins/modules/add-ons? How feasible is this approach of creating extra software at the webserver, when you want to mask sensitive information in a webapp without modfying the web-app code? Are there any tools that help you do this for Apache?
And, finally, is this just a really crazy thing to try?!
Each webserver will have its own way of doing so.
There is no universal plugin architecture for webservers.
In IIS you would write an HTTP Handler or HTTP Module, or possibly an ISAPI Filter. You can also directly interact with the http response using the Response object exposed by the HttpContext.
With apache, there are different modules that can do what you want (mod_headers, for example).
I don't know anything about WebSphere, but I am certain it also has similar mechanisms.
What you are asking is required by most web applications, so would be either built in or very easy to do.
The easiest way is to add a plug-in using the web application container. For example, if it's Tomcat, you can add a filter or valve.
If you want to plug-in to the web server, you'd need to write a custom module using the API of whichever web server is being used.
If all else fails, you could always wrap the entire server in a reverse proxy. All requests would go through your proxy and that would give you the opportunity to modify the requests and the responses.