We are using Axis 2 framework to consume an external service for which we need to route the call thru a forward proxy server. I am using the below code to prove it out in lab but seems on actual proxy server (Which is https://.....) I don't seem to have a way to interact with Axis 2 (ServiceClient) which internally is using CommonsHttpTransportSender something with which it understands that hostname being passed is to be used with HTTPS scheme.
Is there an easier way to achieve this with CommonHttpTransportSender?
Options o = s._getServiceClient().getOptions();
HttpTransportProperties.ProxyProperties proxyProperties = new HttpTransportProperties.ProxyProperties();
proxyProperties.setProxyName(config.getForwardProxyServer());
proxyProperties.setProxyPort(config.getForwardProxyPort());
o.setProperty(HTTPConstants.PROXY, proxyProperties);
After reading the RFC for Web proxy tunneling, I realize the requirement in itself is wrong, Forward proxy usually listens on HTTP protocol and simply facilitates a tunnel between client and server, if the proxy has to act as listening on HTTPS, then it would be more of a case for reverse proxy which wouldn't be applicable for HTTP proxy as question above originally stated!.
CommonsHttpTransportSender internally uses Commons HTTP Client 3.1 which uses HTTP Proxy as per RFC.
Related
I have a custom coded relay server application in VB.NET that is currently deployed as a windows service.
It accepts HTTP web requests from a client using a Tcp Listener, parses the requests and forwards it to another remotely hosted service via socket communication. The result from the service is then sent back by my relay server to the original client as a http response.
This functionality works perfectly as of now, but I would now like to upgrade my relay server to accept HTTPS requests instead of http.
I am not sure how to move ahead with this scenario.
I researched and found the following 2 options but I am not sure which is better and feasible?
One, I explicitly upgrade my current code to handle https handshake, certificate validation etc (if so, how?) or second option, can my current application be hosted on IIS to handle this scenario (if so, how)?
Thanks in advance.
A possible solution is to use IIS with Application Request Routing (ARR) as a reverse proxy in front of your service (its not possible to "Host" your service in IIS as such).
You could setup IIS/ARR with a certificate and suitable HTTPS binding, then configure ARR to proxy the HTTPS requests onto your service listening on HTTP. No changes required to your service's code.
Take a look at the following example: https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
In your case your service listening on port 80 is no different to a website running in IIS. The above example is more complicated than you need (as its reverse proxy'ing 2 websites based on a prefix of the URL), but it gives you a starting point.
A further possible step to force all traffic to use HTTPS would be to change the port your service uses (eg to 8080 instead of 80), then setup IIS to handle port 80 to perform a redirect to 443, and then use 443 and ARR to proxy your traffic to your service on 8080.2
The problem is as follows:
We have a SOAP API running behind TLS1.2 and SNI
Our main software is stuck on JDK6 where it is basically impossible to connect to a server using SNI
We need to use Axis 1.4 for SOAP calls
We have set up a simple Apache Proxy rerouting calls to http://proxyIP/foo to https://mainIP/
The proxy works like a charm when tested manually or in a browser.
However, using Axis to do the required SOAP calls fails with an Exception:
Unrecognized SSL message, plaintext connection?
What could cause this and how could we fix this?
Every idea is appreciated.
I have an application that sends a request to a web service. Unfortunately the application is compiled and the link to the web service is embedded in the application as http. (Yes I know how dumb that is, I didn't write it)
Recently, the 3rd party company is no longer allowing http requests, everything must be https.
The application runs as a webapp on Tomcat. The server is a windows server.
Is there a way to intercept the call to this web service and force it to use https?
As you can't change the application's source code (as it is compiled), and you can't change the web service (as it is 3rd party) either, the only way to solve this problem is making a proxy between the application and web service. To do that, you need to (assume the proxy is running in localhost):
As the web service URL is embedded into the compiled application, in order to let application send HTTP request to our proxy, hosts mapping need to change (e.g. /etc/hosts) to override DNS. For example, if the HTTP request in application is GET http://example.com/api/sample, in /etc/hosts, example.com need to be mapped to 127.0.0.1.
Make a proxy web server in localhost and open the same port as the web service. This proxy is a very simple web server (any backend programming tech can do it), it is only responsible for request-forwarding. In this way, when application send HTTP request to example.com, it sends the request to the proxy server.
After receiving HTTP request from application, the proxy server extract the request URL/header/body and send HTTPS request to example.com's real IP address. Please note: in this HTTPS request, a header host whose value is example.com should be added. 3rd party web service may check this header.
After the real response is returned from example.com, proxy will return it to the application.
Of course, you can also use reverse engineering (Java Decompiler) to get the application's "source code", change the web service URL and then compile again to a webapp. However, as the application may need to update/upgrade and it is may not under your control, this reverse engineering method is not recommended.
You could use a proxy script. Write it in any server-side language you want, for example PHP, set the API URL to this script, the script does the https request for you and pass the results back to your app.
You could also use Apache itself as the proxy and use something like: Apache config: how to proxypass http requests to https
I'm trying to self host two WCF services with the following url conventions:
https://service.servicehost.com/service
https://service-branch.servicehost.com/service
And I get this error:
Service cannot be started.
System.ServiceModel.AddressAlreadyInUseException: HTTP could not
register URL https://+:443/service/. Another application has already
registered this URL with HTTP.SYS. --->
I understand the error and I know how to work it around by changing the service's suffix, but it seems like the WCF self host doesn't support the host header feature like IIS does (since I see the + sign).
Is there any way I can make it happen?
I'm not sure this can be done for SelfHost/Http. With Net.Tcp you would have had to use PortSharing to make this happen.
Worst case you could potentially create a Routing Service that routes your requests to the correct service, where each is listening on a different port.
Also, take a look at the documentation for HostNameComparisonMode Enumeration. The docs for basicHttpBinding will show you how to use it.
We have a solution that consists of a WCF webservice on one side and a smart client on the other side.
Typically, we set up HTTPS on the webserver for the webservice so that communication between client and server happens over HTTPS.
One of our customers however has a proxy server in between that strips incoming HTTPS request from their SSL payload and forwards a plain HTTP request to the webserver:
Client > HTTPS > Proxy > HTTP > Webserver
The problem is that we are using WsHttpBinding to allow us to communicate with WCF over SSL. Typically we use that binding both on client and server and there's no issue.
But since the webservice actually receives an HTTP request, we cannot use WsHttpBinding (requires HTTPS). But we MUST use HTTPS from the client.
But of course, WCF requires the bindings between client and server to match. So we're a bit stuck and I can't find a good way to solve this issue:
We cannot set the client up to use HTTP for security reasons
We can set the service to accept HTTP requests, BUT the client won't be able to communicate with it.
Is there a certain setup that could cover this requirement?
use the wcf binding converter to get a custom binding from your wshttpbinding. then change in the custom binding from https to http element.