I'm interested in applying some spray configuration settings at run time and manually setting the config in the code (maybe this isn't advisable, but in this particular case I'm writing a server that needs to have relaxed-header-parsing set to true since it will be accessed by ipv6 and I haven't found another way to allow a spray server to accept requests while being addressed via ipv6). Is there a way to do this? How?
Related
I am trying to connect a grpc-c++ client to a grpc-c++ server. I already have a grpc-java client connected with working TLS so the server should be functioning correctly.
However inside grpc-java there is a method when building a channel named 'overrideAuthority'. From the documentation the method
"Overrides the authority used with TLS and HTTP virtual hosting. It does not change what host is actually connected to. Is commonly in the form host:port."
I was attempting to find something similar for the c++ client. However, so far all I have found is a function named set_authority() on the grpc::ClientContext as well as two options used with grpc_channel_args which are GRPC_ARG_DEFAULT_AUTHORITY and GRPC_SSL_TARGET_NAME_OVERRIDE_ARG.
None of these seem to have any effect on the authority at all. The server will always reject the connection with the error
No match found for server name: 0.0.0.0.
P.S. I am aware that I can add it to the common name on the certificate (and I will if I need to). However, if possible I would like to follow the same pattern as the grpc-java client.
GRPC_SSL_TARGET_NAME_OVERRIDE_ARG is the right channel arg. Please take a look at some of the tests https://github.com/grpc/grpc/blob/470a3066c74abc7c2a0a2cab3b35000b27b51af1/test/core/end2end/fixtures/h2_ssl.cc#L133
https://github.com/grpc/grpc/blob/470a3066c74abc7c2a0a2cab3b35000b27b51af1/test/cpp/end2end/xds/xds_end2end_test.cc#L1348
Additionally, if I remember correctly, this log just serves as a warning and does not result in disconnections. Please collect some more verbose logs https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md. That might give more hints as to what's going on here.
I am trying to document a server and replicate its setup done by another person. Server is running Play Framework which also acts as a reverse proxy to MediaWiki running on Apache on the same server on a port that is not open externally on the server.
The Play Framework routes requests to the Media Wiki Server using ScalaWS. When I check the request it creates a request by using the server domain with the Apache port and the media wiki file.
In the real server it is working fine but in the test deployment it fails to reach mediawiki. It works if in the test deployment I open the Apache port externally.
So Somehow the request to the local server running internally on the machine needs to be accessed without routing the request externally. How can this be done? If anyone can give some quick tips or things I can check or even explain how this may be working, that would really help save me some time.
The /etc/hosts file had the wrong domain defined. Fixing that fixed the problem.
Excuse me. I speak poor English.
I am trying to create a network proxy programming with sock5 protocol. But I have no way to learn it, I can't figure out how a proxy programming works especially the followings:
What is the difference and association between socks5 and the Shadowsocks ?
Can I set a the network proxy configure in macOs instead of using swift or oc ?
such as enabling this check button(socks5 proxy) and filling the specific configure using a language instead of swift or oc:
configure
Once I set the option on macOs in the Question 2,what kind of data will the programming get if it listening the network?
e.g. will the macOs automatically forward the all new TCP connections to 127.0.0.1:1086 and automatically make the connections confirm to the socks5 request standard?
If so, why the final processing programming (transmit the datas to the real remote proxy-server) can make a successful connection? Instead of a forever loop(a.programming create a socket to remote proxy-server -> b. macOs automatically forward it to 127.0.0.1:1086 and make the connection confirm to the socks5 request standard -> a.)
Is it called as a proxy-client? or local proxy-server? what is the job of it. Why do I set a proxy address as a local one instead of a direct remote server?
Why when I setting a fake socks5 option in macOs network proxy options, a UDP programming can still work successfully?
If you can UNDERSTAND CHINESE:
Chinese language
The follow answers are based on my own experience and opinion.
1、socks5 is an Internet protocol that exchanges network packets between a client and server through a proxy server. Sockes
while Shadowsocks is a software use this protocol.
2 、Yes,you can. Install a Shaowsocks don't need any
Programming language, actually it like installing a EXE file on Windows or pkg on MacOS, it's just a software.
3、Socks5 is an Internet protocol like a language between two computer.
The software's message run on you computer will be "translated" by Shadowsocks.
Those translated message will be sent to the remote service (also run a Shadowsocks) then the service can send message to those "blocked" Webs' services.
4、The remote service can be called an proxy service.The local don't do anything except be "translated" by Shadowsocks. Look this picture.
5、The QQ don't use the port 1080, Shadowsocks need a fixed port to "translate" message.
I'm trying to think through the advantages and disadvantages of haproxy health checks happening on a different port from regular traffic.
If a server becomes overloaded having health checks on a different port may mark the server as being up even when overloaded. I think this is a good thing because taking servers offline may make an overloading problem worse, but want to confirm that that makes sense. I can't seem to find any good docs on the tradeoffs though and was wondering if someone has a good analysis on the tradeoffs.
The port keyword is often used with address to send health checks somewhere else than directly to the service you are checking. One example might be enabling option httpchk to monitor a non-HTTP service. What you then do is have a HTTP-compatible service that when queried can execute complex health checks against the service you are actually testing.
The above is often done with agent-check nowdays, but some people prefer to use an HTTP interface.
This also has nothing to do with server load, the only idea is to send health checks to some other service, not the one directly monitored, which is more capable of testing the actual service (possibly by using a more-complex logic) and returning a result. As an example, one could have a MySQL backend which instead of being tested just for authentication by option mysql-check, could be tested by a PHP script that, for example, checks if backup is running and if it is returns a 5xx HTTP error. The configuration could be something like:
backend mysql
mode tcp
option httpchk GET /mysql-status.php
server mysqlserver 10.0.0.1:3306 check port 80
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the address are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here doesn't work (cannot bind on 127.0.0.1)
Not interested in using a HTTP local proxy, such as Fiddler, because I'd like to capture also other protocols
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
How can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this