Wednesday Nov 05, 2008
If you need to see the incoming request Host header logged in the web server 6.1SPx logs, then you can try below:
add last one below in magnus.conf, i.e. %Req->headers.host%
Init fn="flex-init" access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length% %vsid% %Req->headers.host% "
then it will log the host header of the incoming request, e.g.
apple:/export/home/iws6.1sp10> telnet localhost 60103
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /banner.html HTTP/1.1
Host: dummytest (note this)
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 05 Nov 2008 10:45:37 GMT
Content-length: 1827
Content-type: text/html
Last-modified: Mon, 29 Sep 2008 08:37:07 GMT
Etag: "723-48e093b3"
Accept-ranges: bytes
...........
The log will show,
127.0.0.1 - - [05/Nov/2008:18:45:37 +0800] "GET /banner.html HTTP/1.1" 200 1827 https-sess dummytest
You can see the Host: dummytest in the last column above.
See more at
http://docs.sun.com/app/docs/doc/820-1639/6nda10e4a?l=ja&a=view
e.g. add Req->headers.cookie.cookie_name for
Easy Cookie Logging
Thursday Jul 10, 2008
Guy asked about how to add Expires header with "access plus 1 day" in my post yesterday, see more at
http://blogs.sun.com/walter/entry/how_to_add_expires_header#comments
I pointed him to
http://forum.java.sun.com/thread.jspa?threadID=5019803&messageID=9052343#9052343
and I tested it work ok, so like to share with all of you.
You can download the ready to use expire.so and its source at
http://blogs.sun.com/walter/resource/code/expire.c
(source code)
and ready to go .so at
http://blogs.sun.com/walter/resource/code/expire.so
(Solaris NSAPI plugin .so)
You will also see the steps to build a NSAPI plugin below.
1. I copied the source code at
http://forum.java.sun.com/thread.jspa?threadID=5019803&messageID=9052343#9052343
into my web 6.1SP9 example NSAPI plugin directory,
apple:/export/home/iws6.1sp9/plugins/nsapi/examples>
-rw-rw-rw- 1 root other 2862 Jul 10 13:53 expire.c
2. I made some changes to the code,
( you can see the complete code at
http://blogs.sun.com/walter/resource/code/expire.c )
a. add the needed header,
apple:/export/home/iws6.1sp9/plugins/nsapi/examples> cat expire.c
#ifdef XP_WIN32
#define NSAPI_PUBLIC __declspec(dllexport)
#else /* !XP_WIN32 */
#define NSAPI_PUBLIC
#endif /* !XP_WIN32 */
#include "nsapi.h"
NSAPI_PUBLIC int expire(pblock *pb, Session *sn, Request *rq)
{
.......
b. you can also see I change the function name above from
kpn_set_cacheable
to
expire
because at first, I got an error earlier when I used this function name,
Service fn="kpn-set-cacheable" max-age="15724800"
because it should be underscore as below, instead of hypens above.
int kpn_set_cacheable(pblock *pb, Session *sn, Request *rq)
So, when I tried this earlier, I got this error ,
[10/Jul/2008:13:55:14] config (11680): for host 129.150.154.110 trying to
GET /images/, func_exec reports: HTTP2122: cannot find function named kpn-set-cacheable
So, I changed the function name to expire to avoid any such above.
3. then I change the Makefile, there,
You can see my Makefile at
http://blogs.sun.com/walter/resource/code/Makefile
4. then
apple:/export/home/iws6.1sp9/plugins/nsapi/examples> touch expire.c
apple:/export/home/iws6.1sp9/plugins/nsapi/examples> make
cc -DNET_SSL -DSOLARIS -D_REENTRANT -DMCC_HTTPD -DXP_UNIX -DSPAPI20 -I../../include -I../../include/base -I../../include/frame -I../../include/nspr -I/usr/include/mps -c expire.c
make prepare
ld -G expire.o -o expire.so
apple:/export/home/iws6.1sp9/plugins/nsapi/examples> ls -lrt
-rw-rw-rw- 1 root other 2862 Jul 10 14:43 expire.c
-rwxrwxrwx 1 root other 5748 Jul 10 14:43 expire.so
-rw-rw-rw- 1 root other 4536 Jul 10 14:43 expire.o
5. then add this into the end of magnus.conf,
Init fn="load-modules" shlib="/export/home/iws6.1sp9/plugins/nsapi/examples/expire.so"
funcs="expire"
(all in 1 line above)
6. added this into the end of obj.conf,
<Object ppath="/export/home/iws6.1sp9/docs/images/*">
Service fn="expire" max-age="86400"
Service method="(GET|HEAD)" type="~magnus-internal/" fn="send-file" nocache=""
</Object>
(note - 1 day = 24 hr * 60 min * 60 sec = 86400 )
7. then restart,
pple:/export/home/iws6.1sp9/https-pblock/config> ../stop; ../start
8. test 1: a file inside /images dir,
apple:/export/home/iws6.1sp9/https-pblock/config> telnet apple.asia 61903
Trying 129.158.175.16...
Connected to apple.asia.sun.com.
Escape character is '^]'.
GET /images/blank.gif HTTP/1.0
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 10 Jul 2008 06:50:15 GMT *** access time
Content-length: 43
Content-type: image/gif
Cache-control: public
Expires: Fri, 11 Jul 2008 06:50:15 GMT *** +1 day , see this below !
Last-modified: Thu, 10 Jul 2008 04:27:34 GMT
Accept-ranges: bytes
Connection: close
GIF89a€ÿÿÿ!ù
,L;Connection closed by foreign host.
So, we added the needed access +1 day timestamp into the Expires header above, Expires: Fri, 11 Jul 2008 06:50:15 GMT
logs:
129.158.175.16 - - [10/Jul/2008:14:50:15 +0800] "GET /images/blank.gif HTTP/1.0" 200 43
9. test2 : a file outside the /images dir,
apple:/export/home/iws6.1sp9/https-pblock/config> telnet apple.asia 61903
Trying 129.158.175.16...
Connected to apple.asia.sun.com.
Escape character is '^]'.
GET /blank.gif HTTP/1.0
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 10 Jul 2008 06:55:36 GMT
Content-length: 43
Content-type: image/gif
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Accept-ranges: bytes
Connection: close
GIF89a€ÿÿÿ!ù
,L;Connection closed by foreign host.
(no such Expires header added as in test 1)
However, this is custom coding and used at your own risk.
(Credits should go to henkfictorie who posted this source code at
http://forum.java.sun.com/thread.jspa?threadID=5019803&messageID=9052343#9052343 )
Thursday Jun 12, 2008
It is a good security practice to mask the web server name.
In Sun Java Web server 6.1 SPx, you can simply add
ServerString none
into magnus.conf file, then restart.
Before the change ,
apple:/export/home/iws6.1sp9> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 Jun 2008 01:33:50 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes
Then after the change,
apple:/export/home/iws6.1sp9/https-apple.asia.sun.com/config> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple
HTTP/1.1 200 OK
Date: Thu, 12 Jun 2008 01:37:25 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes
(Note: no more Server: Sun-ONE-Web-Server/6.1 in above headers from server.)
-------------------------------------------------------------------------------------------------------------------------------------------------------
For 7.0 Ux, you can do it in Admin GUI - Configurations - General - Advanced -HTTP Settings - Server Header:
e.g. Server Header: none
then you will see it inside server.xml,
cat server.xml,
..........
<user>webservd</user>
<http>
<server-header>none</server-header>
</http>
<snmp>
..........
then a restart will do it.
E.g. before the above change in 7.0 Ux,
apple:/export/home/iws7.0u2/https-migrate-sp2> telnet localhost 7028
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple
HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 Jun 2008 01:42:55 GMT
Content-type: text/html
Last-modified: Thu, 13 Jan 2005 02:34:52 GMT
Content-length: 447
Etag: W/"1bf-41e5de4c"
after the change,
apple:/export/home/iws7.0u2/https-apple.asia.sun.com/config> telnet localhost 7023
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple
HTTP/1.1 200 OK
Server: none
Date: Thu, 12 Jun 2008 02:29:41 GMT
Content-type: text/html
Last-modified: Wed, 28 May 2008 06:31:58 GMT
Content-length: 447
Etag: "1bf-483cfc5e"
Accept-ranges: bytes
Hope this above can help you mask out the default web server name banner.
