What is the default port number that the SOAP protocol works on?
There is no such thing as "SOAP protocol". SOAP is an XML schema.
It usually runs over HTTP (port 80), however.
SOAP (Simple Object Access Protocol) is the communication protocol in the web service scenario.
One benefit of SOAP is that it allows RPC to execute through a firewall. But to pass through a firewall, you will probably want to use 80.
It uses port no. 8084.
To the firewall, a SOAP conversation on 80 looks like a POST to a web page. However, there are extensions in SOAP which are specifically aimed at the firewall. In the future, it may be that firewalls will be configured to filter SOAP messages. But as of today, most firewalls are SOAP ignorant.
so exclusively open SOAP Port in Firewalls
SOAP (communication protocol) for communication between applications.
Uses HTTP (port 80) or SMTP (port 25 or 2525) for message negotiation and transmission.
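What an HTTP-aware filter would have to inspect to tell a SOAP call from an ordinary form POST on port 80, as an added example that is not part of the thread. `classify_post` and the sample requests are constructed for illustration, and the check goes slightly beyond the answers by distinguishing SOAP 1.1 from 1.2.

```python
import xml.etree.ElementTree as ET
from email.parser import BytesParser

# Envelope namespaces defined by the SOAP 1.1 and SOAP 1.2 specifications.
SOAP_NS = {"http://schemas.xmlsoap.org/soap/envelope/": "1.1",
           "http://www.w3.org/2003/05/soap-envelope": "1.2"}

def classify_post(raw: bytes):
    """Return "1.1" or "1.2" if the raw HTTP request carries SOAP, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    if not request_line.startswith(b"POST "):
        return None
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    ctype = headers.get_content_type()
    # SOAP 1.1 announces itself with a SOAPAction header, 1.2 with its media type.
    hinted = "SOAPAction" in headers or ctype == "application/soap+xml"
    if not hinted and ctype not in ("text/xml", "application/xml"):
        return None
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None                      # never expand DTDs taken from the wire
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if not root.tag.startswith("{"):
        return None
    ns, _, local = root.tag[1:].partition("}")
    return SOAP_NS.get(ns) if local == "Envelope" else None

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "soap11": b'POST /svc HTTP/1.1\r\nHost: example.test\r\n'
              b'Content-Type: text/xml; charset=utf-8\r\nSOAPAction: "urn:Ping"\r\n\r\n'
              b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
              b'<s:Body/></s:Envelope>',
    "soap12": b'POST /svc HTTP/1.1\r\nHost: example.test\r\n'
              b'Content-Type: application/soap+xml; charset=utf-8\r\n\r\n'
              b'<e:Envelope xmlns:e="http://www.w3.org/2003/05/soap-envelope">'
              b'<e:Body/></e:Envelope>',
    "form": b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=a&pw=b",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_post(raw))
```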
I got a webservice endpoint and I stumbled over how to correctly implement it.
It seems to be a parameterized exe file which returns an XML reply.
There is no documentation.
I am used to SOAP, WCF and REST, but this is completely unknown to me. Does anyone have a guide or a best case for how to implement such a service?
I can consume it with a HTTP GET but there are some questions left to me:
I know the questions are quite broad... But I could not find anything about it in the interwebz.
Is there a secure way to publish exe files as webservice?
Are there any critical downsides implementing such an interface?
Am I making a fool of myself and this is just an alias?
Example Url:
http://very.exhausting.company/Version/SuperStrange.exe?parameter=String
Web servers
What you call a webservice endpoint is nothing else than a web server listening on some host (normally 0.0.0.0) and some port on a physical or virtual machine and responding with some HTTP response to HTTP requests sent to that host, port and URIs that the web server cares to process.
Any web server is itself an application or a static or dynamic component of an application as the following examples illustrate:
JBoss, Glassfish, Tomcat etc. are applications, known as application servers, into which containers/servlets/plugins implementing web servers and corresponding endpoints are deployed. These listen on some port exposing generic web servers routing requests to those containers and their servlets;
a fat jar started with java -jar on a JVM which deploys a vert.x verticle featuring a vert.x HttpServer listening on some port is nothing else than a web server;
an interpreter such as node.js parsing and executing JavaScript code based on the express module will most likely deploy a web server on some port;
finally, a statically or dynamically linked application written in languages such as C++ or Go can expose a web server listening on some port.
All of the above cases feature different deployment mechanisms, but what they deploy is essentially the same: a piece of software that listens for HTTP requests on some port, executes some logic based on request and returns HTTP responses to the caller.
Your windows exe file is most likely a statically linked application that provides a web server.
Protocols
So we know you have a web server as it reacts to an HTTP GET. How does it relate to REST, SOAP etc? Effectively, REST, SOAP etc are higher level protocols. TCP is the low level, HTTP is based on top of that and your server supports that. REST, SOAP and everything else that you mention are higher level protocols that are based, among others, on HTTP. So all you know is that your application (web server) supports HTTP, but you do not know which higher level data exchange protocol it implements. It definitely implements some, at least a custom one that its author came up with to exchange data between a client and this application.
You can try to reverse engineer it, but it is not clear how you would find out about all possible endpoints, arguments, payload structures, accepted headers etc. Essentially, you have a web server publishing some sort of an API, but there is no generic way of telling what that API is.
Security
The world around you does not have to know how the API is published. You can put any of the above 4 web server implementations behind exactly the same firewall or a reverse proxy with SSL termination exposing just one host and port over SSL. So there is no difference in security, with respect to the world, whether you deploy it as exe or as a war into JBoss. This is not to say, that your exe file is secure: depending on how it is implemented it may allow all sorts of attacks, but again, this is equally true for any mechanism.
I saw many Tunnel to host:443 in Fiddler traffic interception, when I click it I saw below info:
The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler).
I also searched this -
Fiddler2: Decrypt HTTPS traffic and Tunnel to host:443
But these didn't answer my question, why do we need the HTTP CONNECT Tunnel? Why does a client need to send raw traffic?
See https://textslashplain.com/2015/11/19/understanding-connect-tunnels/
tl;dr: Browsers need to send CONNECT tunnel requests to proxies in order for the proxy to know to what server the traffic should be sent.
The encryption provided by HTTPS prevents the proxy server from seeing the URLs or HOST headers of the requests, and these are how a proxy normally decides where to send the requests. So, for HTTPS traffic, a different approach is needed-- that approach is that the client tells the proxy: "Hey, give me a tunnel to example.com and let me know when it's ready." The proxy does so and tells the client HTTP/200 Connection established. At that point, the proxy becomes a blind byte-shuffler that takes bytes from the client and sends them to the server and returns the bytes the server replied with back to the client.
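The exchange described above, run end to end on loopback as an added example that is not part of the original answer: the proxy records the only thing it ever learns (the CONNECT method and `host:port`) and then relays bytes without inspecting them. The function names, the echo server standing in for the HTTPS origin, and the payload are constructed for illustration.

```python
import socket, threading

def relay(src, dst):
    """Copy bytes one way without inspecting them; pass EOF along."""
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def serve_one_connect(listener, seen):
    """Accept one client, honour its CONNECT request, then shuffle bytes."""
    client, _ = listener.accept()
    head = b""
    while b"\r\n\r\n" not in head:
        head += client.recv(4096)
    method, authority, _version = head.split(b"\r\n")[0].decode().split()
    seen.append((method, authority))      # everything the proxy learns
    host, port = authority.rsplit(":", 1)
    upstream = socket.create_connection((host, int(port)))
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    threading.Thread(target=relay, args=(upstream, client), daemon=True).start()
    relay(client, upstream)

def echo_once(listener):
    """Constructed stand-in for the HTTPS origin server."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"echo:" + conn.recv(4096))

def demo():
    """Run client, proxy and origin on loopback; return what each side saw."""
    origin = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    seen = []
    threading.Thread(target=echo_once, args=(origin,), daemon=True).start()
    threading.Thread(target=serve_one_connect, args=(proxy, seen), daemon=True).start()
    target = f"127.0.0.1:{origin.getsockname()[1]}"
    with socket.create_connection(proxy.getsockname(), timeout=5) as c:
        c.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
        status = c.recv(4096).split(b"\r\n")[0].decode()
        c.sendall(b"\x16\x03\x01 opaque bytes")  # constructed, not real TLS
        reply = c.recv(4096)
    return status, reply, seen, target

if __name__ == "__main__":
    print(demo())
```

Because the authority in the CONNECT line is all the proxy sees, any policy it enforces on tunnelled traffic has to be expressed in terms of destination host and port.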
I'm a little bit confused about SIP proxy and SIP outbound proxy. What is the basic difference between a SIP proxy and a SIP outbound proxy? Is it mandatory to use a SIP outbound proxy along with a SIP proxy? Can anyone point out from the image below which one is the SIP proxy and which the outbound proxy?
As per your attached picture, it should be:
User Agent: Client
SIP outbound proxies: SIP Proxy port 5060 & SIP Proxy port 5070 when they're receiving incoming request from UA
A SIP proxy can be understood as an "outbound proxy" or an "inbound proxy".
A detailed explanation can be given as below:
"Pretend you are a SIP User Agent, perhaps a very simple UA that
doesn't even do DNS lookups.
A call coming to you is "inbound".
It may hit your home proxy first, and receive treatment such as being
proxied to you based on your registered contact. This is an "inbound
service", and your home proxy is acting as an "inbound proxy".
Now you want to make a call. Since you're making the call, it is going
"out", or can be called "outbound". You send this call to a proxy,
which looks up the request URI in DNS and sends the call on towards
its destination. This proxy is providing the "outbound service" of DNS
resolution, and is acting as an "outbound proxy" for this call.
On any call there may be any number of inbound and outbound proxies
and services. Some proxies may even provide both sorts for a single
call.
Assume the simple network UA1----P1----P2----UA2
UA1 places a call to UA2."
Reference: https://www.ietf.org/mail-archive/web/sip/current/msg06276.html
SIP Proxy
A SIP proxy server receives a SIP request from a user agent or another
proxy and acts on behalf of the user agent in forwarding or responding
to the request.
SIP Outbound Proxy
An outbound Proxy: A proxy that receives requests from a client, even
though it may not be the server resolved by the Request-URI.
Typically, a SIP user agent is manually configured with an outbound proxy, or
can learn about one through auto-configuration protocols.
Basically they are the same; the only difference is that a SIP Proxy treats requests both for UAC (client) and UAS (server), but a SIP Outbound Proxy receives requests from the UAC.
And, no, it's not mandatory to use a SIP Outbound Proxy along with a SIP Proxy.
As for the scheme in your image, these are not proxy servers, but registrar servers, which are used to register requests of the users and keep the information from these requests.
What is the difference between a SIP proxy server and an outbound proxy server?
I am using Asterisk and I see two fields - proxy address and outbound proxy address.
The outbound proxy server is the server your SIP request will be sent to; it's similar to the default gateway we set in IP configuration.
With respect to SIP
Proxy Server - Any server that proxies your request i.e. an entity between UAC and UAS, that forwards the request to UAS on your behalf.
Outbound Server - As said earlier by parag, it's like a default gateway. Any SIP request from your SIP client will go to this server. This is configured in your client. It can be used for policy enforcement.
The documentation of BOSH mentions that, "Each BOSH session MAY share the HTTP connections with other HTTP traffic ..." . Could anyone explain it a little bit more?
In the case of keep-alive http connections to the XMPP server, the browser may use the connection to access other HTTP services on the XMPP server.