Sunday, December 12, 2010

Limiting downloadable file sizes in SQUID server

Squid is a full-featured web proxy cache server application which provides proxy and cache services for the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols.

To install: sudo apt-get install squid squid-common

To manage the server configuration, all we need to do is modify the squid.conf file.
It lives at /etc/squid/squid.conf.
Several parameters have to be modified, as follows.

http_port can be changed as we wish, according to which port is to be used.
Then the acl (access control list) directives can be configured.

For example, an ACL group can be made and access denied to everyone outside it:
acl ucsc src 192.168.42.0/24
http_access deny !ucsc

The most important parameter that has to be changed is reply_body_max_size, which sets the maximum downloadable file size.

reply_body_max_size 1048576   # in bytes (1 MiB); squid.conf comments start with '#'

You can check the file for errors with the following command.

squid -k parse   # parse squid.conf and report errors

Finally, after limiting the file size, if someone tries to download a file larger than the given threshold, the request will be redirected to an error page. The set of error files lives in the /etc/squid/errors directory.

The error file for the too-large response is ERR_TOO_BIG.
We can edit this page as we wish, and attributes of the HTTP request can be accessed from inside this file, for example:
%U - contains the URL requested by the user

Friday, August 27, 2010

Creating server logs with Log4j

Log4j makes it easy to create log files on the server side.

Log4j is an easy way to manage logs on the server side. Mostly, logs are written to a log file on the server to keep track of changes. We can write a log to a file using two different methods: one is by using an XML file and the other is by using a properties file.

  • Using an XML file : xmllog4jconfig




Several attributes like the file name, the layout and many others are contained in the XML file.

Then we have to use this XML file inside our code as follows.

import java.io.File;
import org.apache.log4j.*;
import org.apache.log4j.xml.DOMConfigurator;

Logger logger;
try {
    logger = Logger.getLogger("Update.class");

    // Load appender and layout settings from WEB-INF/classes/xmllog4jconfig.xml
    DOMConfigurator.configure(getServletContext().getRealPath("/") + "WEB-INF" + File.separator + "classes" + File.separator + "xmllog4jconfig.xml");

    logger.info("Log has been appended to your output.txt");
    logger.info("device information changed from " + imei_db + " to " + imei);
    System.out.println("successfully written to output.txt");

} catch (Exception e) {
    System.out.println("Exception in log4j - " + e.getMessage());
}



  • Using a property file : log4j

# root logger at DEBUG level, sending everything to appender R
log4j.rootLogger=DEBUG, R

# one file per day, rolled over by date; ${catalina.home} is the Tomcat system property
log4j.appender.R = org.apache.log4j.DailyRollingFileAppender
log4j.appender.R.File = ${catalina.home}/logs/oooutput.log
log4j.appender.R.Append = true
log4j.appender.R.DatePattern = '.'yyyy-MM-dd
log4j.appender.R.layout = org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n
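As an added example (not code from the original post), the following stand-alone Java program loads the properties file above with PropertyConfigurator and writes the same "device information changed" record as the servlet snippet. Because the IMEI values come from a client request, it strips CR/LF before logging so that a crafted value cannot produce extra lines in the log; the properties path and the IMEI values are constructed assumptions.

```java
import org.apache.log4j.Logger;
import org.apache.log4j.PropertyConfigurator;

public class DeviceUpdateLogger {
    private static final Logger logger = Logger.getLogger(DeviceUpdateLogger.class);

    // Values that originate from a request must not carry line breaks: with the
    // %m%n pattern above, a CR/LF inside the value would start a new, forged record.
    static String clean(String value) {
        if (value == null) {
            return "null";
        }
        return value.replaceAll("[\\r\\n]", "_");
    }

    // Same message as in the post's servlet code, with both operands cleaned first
    static void logDeviceChange(String imeiDb, String imei) {
        logger.info("device information changed from " + clean(imeiDb) + " to " + clean(imei));
    }

    public static void main(String[] args) {
        // Assumed location of the properties file shown above (an assumption, adjust as needed)
        PropertyConfigurator.configure("WEB-INF/classes/log4j.properties");

        // Constructed sample values; the second one carries an embedded newline
        String imeiDb = "123456789012345";
        String imei = "987654321098765\n2010-08-27 10:00:00 Update [INFO] forged entry";
        logDeviceChange(imeiDb, imei);
    }
}
```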






Monday, August 16, 2010

Configuring Message-Level Security in Web Services using Web Logic Server

Step 1 - Creating the key store and digital certificates

Since Public Key Infrastructure is used here, public/private key pairs need to be created for both the service provider and the client. Message authentication is accomplished by signing, and message integrity is accomplished by encrypting the message. Each party's private key is used to sign the message and the public key is used for encrypting. Digital certificates are required to verify whether the requesting party is trusted. The WebLogic “certgen” command is used to generate the digital certificates and key pairs; the public key information is also used to generate the digital certificates.

The steps are as follows:

1. “ClientCert” is the certificate file name, of type “pem”. “ClientKey” is the private key file, also of type “pem”. “ClientKey” is also the password for the key file and certificate. The same procedure is used for the server side.
  • java utils.CertGen -certfile ClientCert -keyfile ClientKey -keyfilepass ClientKey
  • java utils.CertGen -certfile ServerCert -keyfile ServerKey -keyfilepass ServerKey
2. Then we need to create a key store comprising the keys and certificates. This imports the key files and certificates created above into “ClientIdentity.jks”. “ClientKey” is the key store password, and the key file password from above is used as the “keypass”.

  • java utils.ImportPrivateKey -certfile ClientCert.der -keyfile ClientKey.der -keyfilepass ClientKey -keystore ClientIdentity.jks -storepass ClientKey -alias identity1 -keypass ClientKey
  • java utils.ImportPrivateKey -certfile ServerCert.der -keyfile ServerKey.der -keyfilepass ServerKey -keystore ServerIdentity.jks -storepass ServerKey -alias identity2 -keypass ServerKey
3. Finally, import the digital certificates into the server trust key store. The server certificate is imported into its own trust store first, then the client certificate. This step is required since we do not use a certificate authority.
  • keytool -import -v -trustcacerts -alias identity1 -file ServerCert.der -keystore ServerTrust.jks -storepass ServerTrustStorePass
  • keytool -import -v -trustcacerts -alias identity2 -file ClientCert.der -keystore ServerTrust.jks -storepass ServerTrustStorePass

Step 2 - Creating the Web service

- Create a Java class for the web service and create methods for the functionality of the web service.
- Right-click on the class file and click the “create web service…” option.
- Go through the wizard (select the SOAP 1.2 binding).
- Select the required policy files by choosing “WLS policies” at the configure-policies step. Our required
policies are these:
@Policies({
@Policy(uri = "Wssp1.2-2007-Wss1.0-X509-Basic256.xml"),
@Policy(uri = "Wssp1.2-2007-EncryptBody.xml")
})

Step 3 - Next we have to configure the new keystores as WLS's identity and trust keystores for use by the web service.

STEPS:
- Start a new instance of the WebLogic server
- Open the server console and then go to
server->default server->general

- Enable the listen port

Then go to
- server->default server->Keystores

Set the key store type to “Custom Identity and Custom Trust”, and set the key store paths and their passwords
- Then go to the SSL tab and set its settings

Step 4 - Creating the Client Proxy

Now we have to create a client for the web service created above. To do so, a client proxy has to be created as follows:

New -> Web Service (located under Business Tier) -> Web Service Proxy
For the “WSDL Document URL” you have to give the path of the WSDL file created from the web service.
E.g. http://192.168.24.239:7101/BasicPolicy-Basic_ws-context-root/HelloSoap12HttpPort, with “?WSDL” appended at the end.

After creating the proxy, the generated client class contains the main method, which calls the functions of the web service, and a set of methods that provide the security of the web service. Here the client class is created as “HelloSoap12HttpPortClient”, where Hello is the name given by you. We have to modify the “setPortCredentialProviderList()” method to suit our configuration. Information about the client and server key stores has to be given as in the following example.

String username = "";
String password = "";
String clientKeyStore = "C:/Documents and Settings/Administrator/Desktop/fin/ClientIdentity.jks";
String clientKeyStorePassword = "ClientKey";
String clientKeyAlias = "identityc";
String clientKeyPassword = "ClientKey";
String serverKeyStore = "C:/Documents and Settings/Administrator/Desktop/fin/ServerIdentity.jks";
String serverKeyStorePassword = "ServerKey";
String serverKeyAlias = "identitys";
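As an added check (not part of the original post), the following JDK-only program verifies that the key stores built in Step 1 line up with what the client configured here expects: the client identity store really holds a private key and certificate under the given alias, and the server's trust store contains that same certificate, which is what makes the client's signature acceptable without a certificate authority. File names, aliases and passwords are taken from Step 1 and are assumptions to adjust to your own values.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

public class KeyStoreCheck {
    // Assumed values, matching the names used in Step 1 of the post
    static final String CLIENT_KS = "ClientIdentity.jks";
    static final String CLIENT_KS_PASS = "ClientKey";
    static final String CLIENT_ALIAS = "identity1";
    static final String SERVER_TRUST = "ServerTrust.jks";
    static final String SERVER_TRUST_PASS = "ServerTrustStorePass";

    static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore identity = load(CLIENT_KS, CLIENT_KS_PASS);

        // The client signs with the private key stored under its alias; both the key
        // and the certificate must be present, and the certificate must be in date.
        PrivateKey key = (PrivateKey) identity.getKey(CLIENT_ALIAS, CLIENT_KS_PASS.toCharArray());
        X509Certificate clientCert = (X509Certificate) identity.getCertificate(CLIENT_ALIAS);
        if (key == null || clientCert == null) {
            throw new IllegalStateException("no private key/certificate under alias " + CLIENT_ALIAS);
        }
        clientCert.checkValidity();

        // Without a CA, the server can only accept the signature if this exact
        // certificate was imported into its trust store in Step 1.
        KeyStore trust = load(SERVER_TRUST, SERVER_TRUST_PASS);
        String trustedAs = trust.getCertificateAlias(clientCert);
        if (trustedAs == null) {
            throw new IllegalStateException("client certificate is not present in " + SERVER_TRUST);
        }
        System.out.println("client certificate " + clientCert.getSubjectX500Principal()
                + " is trusted by the server under alias '" + trustedAs + "'");
    }
}
```

Run it with the same alias values you put into the client's setPortCredentialProviderList(); a mismatch there shows up here before any SOAP call is made.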



How to run
- Run the web service first.
- Then run the client proxy.
- You can verify the security of the data transferred by using a network packet analyzer such as “Wireshark”.