Presentation is loading. Please wait.

Presentation is loading. Please wait.

From infra admin's point of view

Published byColleen Stafford Modified over 7 years ago

Similar presentations

Presentation on theme: "From infra admin's point of view"— Presentation transcript:

1 From infra admin's point of view
Web services From infra admin's point of view

2 Web services The World Wide Web (abbreviated WWW or the Web) is an information space where documents and other web resources are identified by Uniform Resource Locators (URLs), interlinked by hypertext links, and can be accessed via the Internet. Components: web server, web client, protocols Idea by Tim-Berners Lee, 1989 Originally the idea of „hypertext” is much much older 1990 first prototype Since 1996 most popular web server software - Apache

3 Web Server Definition A Web server is a program that generates and transmits responses to client requests for Web resources. Handling a client request consists of several key steps: Parsing the request message Checking that the request is authorized Associating the URL in the request with a file name Constructing the response message Transmitting the response message to the requesting client

4 Web Server Definition The server can generate the response message in a variety of ways: The server simply retrieves the file associated with the URL and returns the contents to the client. The server may invoke a script that communicates with other servers or a back-end database to construct the response message.

5 Web site vs. Web server Web site and Web server are different:
A Web site consists of a collection of Web pages associated with a particular hostname. A Web server is a program to satisfy client requests for Web resources. HTTP is a protocol „language“ in whitch client and server communicate

6 Handling client request
A Web server proceeds through the following steps in handling an HTTP request: Read and parse the HTTP request message for example GET the resource /foo.htm Translate the URL to a file name for example the resource be located in the base directory such as /www, where the URL corresponds to the file of www/foo/index.html Determine whether the request is authorized Generate and transmit the response that includes header to show the status information

7 Web architecture

8 Dynamic responses The documents in the WWW can be grouped into three broad categories: static, dynamic, and active. The category is based on the time at which the contents of the document are determined. Dynamic feature differentiates the Web from earlier file transfer services on the Internet. Dynamically generated responses are created in a variety of ways: Server-side include Server script Most of the web nowdays is dynamic

9 SSI A server-side include instructs the Web server to customize a static resource based on directives in an HTML-like file.

10 Server Script A server script is a separate program that generates the request resource. The program may run as Part of the server A separate process The main role of the Web server is To associate the requested URL with the appropriate script To pass data to/from the script The main role of the script is To process the input from the server To generate the content to the client

11 Active documents Active documents are sometimes referred to as client- site dynamic documents.

12 Topics to remember The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the World Wide Web. To get the data client sends request and server responds with data or status message Client request must contain URL URL stands for Uniform Resource Locator, and is used to specify addresses on the World Wide Web. A URL is the fundamental network identification for any resource connected to the web (e.g., hypertext pages, images, and sound files). URLs have the following format: protocol://hostname/other_information. Web pages can be static, dynamic or active

13 Security HTTP is a PLAIN TEXT protocol We all know what that means
Solution: HTTPS HTTPS (also called HTTP over SSL or HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.

14 SSL Next slideshow

15 Some (extra)useful features for Infra admin
Return to web services Some (extra)useful features for Infra admin

16 Web Services – PROXYING, Cacheing
Web proxy acts as a sort of L7 sNAT/dNAT It also can act as sort of L7 firewall It can also act as web cache Most common web servers include proxying module sometimes it makes more sense to use dedicated web proxy like haproxy or squid they also cache (though not a topic here) sometimes it easier to use web servers proxy module it depends what requrements you have Big companies prefer commercial web filtering solutions sometimes integrated with firefalls (combine L3 and L7)

17 What is web cache A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. HTTPS cannot be cached (encryption!)

18 Technologies behind Proxy/cache can be „transparent” or client side configured „transparent” technology involves a „trickery” DNS records Routes Benefits: no client side configuration needed No user can bypass it (ha-ha!) Negative: HTTP only (most cases) Can cause problems

19 Types of proxies Forward proxy Reverse proxy They can do:
Rewrite (redirect) cacheing SSL offloading Load balancing filtering

20 Forward proxy Forward proxy forwards requests from client to server.
L7 sNAT masquerades client from server. can be used for web filtering, „anonymous“ browsing, cache etc.

21 Forward proxy Popular in BIG Co.-s Forward proxy with URL filtering
Sorta works together with L3 filtering Can do SSL MITM in „controlled environments“ (BigCo.) Bad! Can go agianst a local laws Breaks two way SLL authentication, if not implemented correctly Dangers: misconfigured forward proxy (open-relay) is easily detectable and usable by Black Hats.

22 Reverse proxy „hides” servers from client L7 dNAT
Can be very useful for admin Service aggregation Can be used as L7 „firewall” SSL offloading (good one) Load balancing „patching” (bad one) Commercial proxies are extremely expensive

23 SSL Offloading Reverse
Problem: crypto is „expensive” (in terms of computational power) Certificate management creates administrative overhead Pluses: Reduces server load „enough” secure Minuses: certificate management (SAN, wildcard) Usually used together with load balancing Forward Can not be implemented with 2-way SSL Privacy concerns Breaks things (Skype for example)

24 Rewrite To rewrite URLs „on the fly” RegExp :( Used to redirect client
Very common HTTP to HTTPS Improve usability (shorten URLs) Do not mix up with proxy, they are different things Common misuse: „patching tool”

25 Exercise In elab (NB! Its elab machine) https://elab.itcollege.ee/
Lab HTTPS security

Download ppt "From infra admin's point of view"

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.
Chapter 2: Application Layer

Chapter 2: Application Layer
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
Chapter 16 The World Wide Web. 2 The Web An infrastructure of information combined and the network software used to access it Web page A document that.

Chapter 16 The World Wide Web. 2 The Web An infrastructure of information combined and the network software used to access it Web page A document that.
27.1 Chapter 27 WWW and HTTP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

27.1 Chapter 27 WWW and HTTP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Lecture#2 on Internet and World Wide Web. Internet Applications Electronic Mail (email) Electronic Mail (email) Domain mail server collects incoming mail.

Lecture#2 on Internet and World Wide Web. Internet Applications Electronic Mail ( ) Electronic Mail ( ) Domain mail server collects incoming mail.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.

XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.
World Wide Web Hypertext model Use of hypertext in World Wide Web (WWW) WWW client-server model Use of TCP/IP protocols in WWW.

World Wide Web Hypertext model Use of hypertext in World Wide Web (WWW) WWW client-server model Use of TCP/IP protocols in WWW.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
1 Welcome to CSC 301 Web Programming Charles Frank.

1 Welcome to CSC 301 Web Programming Charles Frank.
Hands-On Microsoft Windows Server 20081 Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.

Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
World Wide Web “WWW”, Web or W3. World Wide Web “WWW”, Web or W3

World Wide Web “WWW”, "Web" or "W3". World Wide Web “WWW”, "Web" or "W3"

Similar presentations

Ads by Google