Nsapi, We all know, stands for "Netscape Application Programming Interface". And we also know that it offers a very powerful approach for modifying/extending a Sun 6.x/7.0
Webserver or 3.x / 4.0.x proxy server. In a way, nsapi sits at an "extreme"; you
need a very solid understanding of the server internals/workings before you can
go around using the full power of nsapi. So when it comes to configuring your Sun
webserver/proxy server, is there an alternative?
Of course, you have the admin interface through which you can change and customize the
server behaviour. Or, you can manually edit the configuration files - obj.conf,
magnus.conf, server.xml etc - to bring about the desired effect. So, even if you have
zero interest/knowledge of the inner workings of your web/proxy server, you can refer
the docs, read up a bit, and manipulate the server using the admin interface or through manual
changes to the configuration files.
Everything looks fine, then. But looking closer - after shifting into a nitpicking
mode - you can see a certian gap existing between the two solutions mentioned above.
Seeing the questions raised regularly in the
Sun Forums and the internal proxy/webserver aliases, a very sizeable number of
issues seem to fall straight into that very same gap. in other words, every now and
then an issue comes up, which is too complicated to fix via the admin interface, yet
is too simple to warrant an effort in developing custom SAFs.
I mean, say somebody has a problem: he wants to go touring, and needs a bike for
the same. So you go and tell the chap: here, there are two bikes, and you can choose
one. Here is a Suzuki rm250, Or here is a Honda motogp special RCV211. Instead of
offering him a nice BMW or a Kawasaki GPZ, you are offering him a choice between
a motocross bike and a demonically fast motogp special.
The point im trying to make here is simple - every solution has its "space" in the problem spectrum, and there will be "gaps" between individual solutions. and very
often in life, despite we being armed with multiple solutions, problems come along
that fit into the gaps between existing solutions - rather than onto the solutions
themselves. of course, existing solutions are not rendered completely useless in
such scenarios; just that either the solutions, or the users, would have to be
unnecessarily stretched during the attempt. yes, you can go touring on a dirtbike,
but just that you would burn out pretty soon. and yes, you can choose the Honda
RCV to tour; but the engine wouldnt last much beyond the first hour.
So coming back to the web/proxy servers, and assuming the gap to be real, how do we
fill it? One solution is to offer a Scripting interface .
if you look at the evolution of computing, a system that offered a programming
interface has, sooner or later, always evolved to offer a scripting interface as
well. In short, we are talking about an nsapi plugin which can parse and execute
scripts of the form:
maxlength = 64
len = length $rq.reqpb.uri
if test $len >= $maxlength
then
echo "Sorry - URI too long\n"
req aborted
fi
req proceed
I have written a plugin which can read and execute scripts similar to the above,
and will put it up for download shortly. at the moment, it has the following
features:
o a syntax loosely based on unix shell scripting,
o provides read/write access to:
rq->reqpb (eg: rq.reqpb.uri)
rq->srvhdrs (eg: rq.srvhdrs.status)
rq->vars (eg: rq.vars.name)
rq->headers (eg: rq.headers.authorization)
sn->client (eg: sn.client.ip)
the directive's pblock (pblock.script)
o can return one of the 6 possible REQ_XXX values back to the webserver.
o (restricted) access to unix commands. (eg: var=`cat /etc/motd`)
o capacity to cache scripts, so that the read and parser stages need to
happen only once.
As another example, assume that you want to block forward proxying completely.
You can have the following script:
# Denyforward.sh
# Disable forward proxying
if test $u.reqpb.uri == "/.*"
then
req noaction
else
echo "Forward proxying forbidden\n"
req aborted
fi
Or even:
# Denyforward.sh
# Disable forward proxying
if test $rq.reqpb.uri == "/.*"
then
req noaction
else
echo `banner FORBIDDEN!`
req aborted
fi
In which case, the server would behave like this:
bash-2.03$ telnet localhost 8084
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET http://black.india/ HTTP/1.0
HTTP/1.1 500 Server Error
Server: Sun-Java-System-Web-Proxy-Server/4.0.2
Date: Wed, 24 May 2006 13:38:16 GMT
Connection: close
####### ####### ###### ###### ### ###### ###### ####### # # ###
# # # # # # # # # # # # # ## # ###
# # # # # # # # # # # # # # # # ###
##### # # ###### ###### # # # # # ##### # # # #
# # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # ## ###
# ####### # # ###### ### ###### ###### ####### # # ###
Connection closed by foreign host.
bash-2.03$
And as far as the configuration part goes, the obj.conf would look like:
Init fn="load-modules" shlib=/somewhere/libnsh.so funcs=nsh
...
...
NameTrans fn="nsh" script="/somewhere/denyforward.sh"
...
...
Posted by MUKUND on dhjetor 08, 2006 at 04:01 PD PST #
Hi,
The editor of a car/bike mag read motorbreathing, liked the stuff & would like to contact you - pl see mail below.
i had published your MB pic (thanks) & motorbreathing link in my blog - babukuriakose.wordpress.com)
Regards,
Babu CREC 83-87
--------------
Hi,
I happened to read motorbreathing.com a few days back. I havent seen anyone write like this. I am a fan of whosoever wrote it.
You seem to know him - can i have his contact details please?
--
Regards,
Bunny Punia,
Assistant Editor, Bike India
Features Editor, Car India
Co-Founder, www.xBhp.com
09923333114,09223285630
Posted by babu kuriakose on gusht 24, 2008 at 10:24 MD PDT #