We have a webhooks applications that only takes https as part of the callback URL. The application sends a POST request to the callback URL as a notification of some events. To be free of any 3rd party applications, we are trying to test the application using a mock/embedded web server behind the callback URL that is started by the integration test process.
However, after trying wiremock or jetty, it seems I cannot get around the SSL cert check from the webhooks application or client side, even though the callback URL can be set to https://127.0.0.1:someport :( The webhooks application we are testing resides in a different box than the one in which the integration tests are run.
Can someone please give me some hint/clue to solve this? Deeply appreciate it
thank you, a-kootstra, Actually it is not possible. I was confused. The webhooks applications lives on a separate server than the one from which tests are run. So the requests sent to localhost in our webhooks server will never reach the test server. I solved the problem by using AWS API gateway and DynamoDB. Worked perfectly. And no SSL certs issue either
Related
I'm having an issue with a project I'm working on. I have a Vue client which does API calls to my backend which is written in .NET Core 3.1. Both these applications are deployed on diffent servers.
Now the problem is that my backend server does not allow me to do API calls straight from the browser. So I have to do some kind of 'redirect' on the client server to reach my API.
So for example:
If I call backend_server/api/values I get an error (Firewall).
I think I should make like a second API or something, but I'm not sure how to handle this issue.
Does anybody have any experience on this? Any help is welcome!
Kind regards
You can have multiple options here
Remove the firewall rule -
This will allow your API to get hit from browser. If firewall is not managed by you you can't do this
Add IP or Port exception rule in firewall -
Instead of deactivating the entire inbound rule on server, you can allow specific ports or IP on firewall. Again if you have control on firewall
Create Proxy API -
Another way is you can create a middleware API that forwards your request and acts as a proxy. This will suffice performance, resource, time and compromise security. I recommend not to do this, But it's easily possible in .NET Core
Specify CORS policy -
If your Vue.js and API originates from same origin (IP), You can configure CORS in server which will restrict access to API only from same origin. That means only www.google.com can access GoogleAPI, Likewise. This will protect the API from other origins
Tunnel via VPN -
If security is a concern, Use a VPN service to tunnel your API requests. This can't be possible for every client using your web service.
The best way is to open a specific rule on server for your application if possible. Writing a proxy in between will have lot of disadvantages although can be accomplished.
I have WCF RESTful services running on IIS6. (public exposed on internet)
example
http://{domain}:8000/todoService.svc/countPerLabel?uMID={uMID}&userID={userID}
I have setup APIGEE proxy API manager gateway to call the the WCF services.
http://{APIGEE}/v1/todo/countperlabel?uMID={uMID}&userID={userID}
Case A. When i call the APIGEE url for the first time it works - but when i make another call it delays for few seconds and response with timeout/service unavailable.
If i wait for about 10 minutes and calls the service again Case A occurs.
I am not able to understand - if i call my service url independently without APIgee everything works well.
I don't not want to give third party developer access to naked API url therefore like to secure it using either APIgee or WSO2.
Is it something to do with proxy issues where my IIS6 not able to respond back to request from proxy server?
Kindly suggest.
Thanks
It seems you are having multiple endpoints. First call goes to one endpoint and the second to another one. Why dont you try a third call as well. If it works and the fourth one fails, then my explanation is correct. If it is the case, one of your endpoints may be having firewall issues.
I created an asp.net mvc application that utilizes Google's analytic's API. The application was working for a short period, it then stopped working. By stopped working it is unable to make a connection to google. This problem occurs at my work environment. I tried the application at home and it works fine. I think my organization is blocking the application connection. I created a console version of the web app and it works fine.
Do web apps and console app make different external server requests?
How do I diagnosis the problem so I can make a request to the help desk as to what ports they are blocking.
thanks,
thanks for the help guys. I managed to route the api calls through a proxy server.
Application worked fine after that. Here is a link to using a proxy with the api.
http://code.google.com/apis/gdata/articles/proxy_setup.html
Try using Fiddler, is a HTTP proxy that maybe can five you the information that you need. Other option would be mabye using Wireshark, for scanning too, but I'm not sure about it cause I never used it.
You need to install the tools on the client that is making the requests to Google
I hope this helps
I'm working on a video conferencing app.
We have a server running erlyVideo for internal video streaming.
We have a rest service on our web server for our erlyVideo server to call to validate session keys from our external site.
What we're stuck on is how to hook into new connections to pass the session key to the REST service to decide whether or not to terminate the connection.
Any thoughts?
What's wrong with using authentication described in their docs?
http://erlyvideo.org/authorization
You need to use apps_rewrite_play module:
{rtmp_handlers, [...., {apps_rewrite_play, "http://rest-service"},...]},
The question is as simple as the title. I have a webapp (I have no clue as to what technology it was built on or what appserver it is running on). However, I do know that this webapp is being served by an Apache Server/ IIS Server / IBM Http Server. Now, I would like to have a plugin/ module / add-on at the web-server end, which would parse/truncate/cut/regex the http response (based on the requested url's pattern), and mask(encrypt/shuffle/substitute) a set of fields in this response based on different parameters(user's LDAP permissions in the intranet / user's geo-location if on the internet, etc) and send the altered response back to the user.
So, Is there an easy answer to creating such plugins/modules/add-ons? How feasible is this approach of creating extra software at the webserver, when you want to mask sensitive information in a webapp without modfying the web-app code? Are there any tools that help you do this for Apache?
And, finally, is this just a really crazy thing to try?!
Each webserver will have its own way of doing so.
There is no universal plugin architecture for webservers.
In IIS you would write an HTTP Handler or HTTP Module, or possibly an ISAPI Filter. You can also directly interact with the http response using the Response object exposed by the HttpContext.
With apache, there are different modules that can do what you want (mod_headers, for example).
I don't know anything about WebSphere, but I am certain it also has similar mechanisms.
What you are asking is required by most web applications, so would be either built in or very easy to do.
The easiest way is to add a plug-in using the web application container. For example, if it's Tomcat, you can add a filter or valve.
If you want to plug-in to the web server, you'd need to write a custom module using the API of whichever web server is being used.
If all else fails, you could always wrap the entire server in a reverse proxy. All requests would go through your proxy and that would give you the opportunity to modify the requests and the responses.