
Friday, March 1, 2013

Asynchronous Proxy and some related links


Nginx seems to be the standard reverse proxy

http://projects.unbit.it/uwsgi/ uWSGI
http://www.fapws.org/getting-started Fast Asynchronous Python Web Server

The Meaning of URL, URI, URN and IRI


Some Camel methods take a parameter that is a URI string. Many people
know that a URI is "something like a URL" but do not properly understand the
relationship between URI and URL, or indeed its relationship with other
acronyms such as IRI and URN.
Most people are familiar with URLs (uniform resource locators), such as
"http://...", "ftp://...", "mailto:...". Put simply, a URL specifies the location of a
resource.
A URI (uniform resource identifier) is a URL or a URN. So, to fully understand
what URI means, you need to first understand what is a URN.
URN is an acronym for uniform resource name. There are many "unique
identifier" schemes in the world, for example, ISBNs (globally unique for
books), social security numbers (unique within a country), customer numbers
(unique within a company's customers database) and telephone numbers.
Each "unique identifier" scheme has its own notation. A URN is a wrapper for
different "unique identifier" schemes. The syntax of a URN is "urn::". A URN uniquely identifies a resource, such as a
book, person or piece of equipment. By itself, a URN does not specify the
location of the resource. Instead, it is assumed that a registry provides a
mapping from a resource's URN to its location. The URN specification does
not state what form a registry takes, but it might be a database, a server
application, a wall chart or anything else that is convenient. Some
hypothetical examples of URNs are "urn:employee:08765245",
"urn:customer:uk:3458:hul8" and "urn:foo:0000-0000-9E59-0000-5E-2". The
("employee", "customer" and "foo" in these examples) part
of a URN implicitly defines how to parse and interpret the that follows it. An arbitrary URN is meaningless unless: (1) you
know the semantics implied by the , and (2) you have
access to the registry appropriate for the . A registry does
not have to be public or globally accessible. For example,
"urn:employee:08765245" might be meaningful only within a specific
company.
To date, URNs are not (yet) as popular as URLs. For this reason, URI is widely
misused as a synonym for URL.
IRI is an acronym for internationalized resource identifier. An IRI is simply an
internationalized version of a URI. In particular, a URI can contain letters and
digits in the US-ASCII character set, while an IRI can contain those same
letters and digits, and also European accented characters, Greek letters,
Chinese ideograms and so on.


http://camel.apache.org/manual/camel-manual-2.10.0.pdf

Mime type in HTTP


http://en.wikipedia.org/wiki/MIME#Content-Type

The Content-Type header is just one part of the overall MIME specification; in HTTP it carries the Internet media type.

Apache Virtual Hosts and Url Rewriting


Today I set up our site in Apache; it uses JavaScript to make third-party Ajax calls to remote web services.
We had the JavaScript deployed to Apache and the backend web services elsewhere.
I configured Apache like so:

In order to rewrite all requests that don't match to the index page I added the rewrite rule.
In this case we would add server.example.com to our hosts file on our development box.
Put the following in your .htaccess file in your public_html directory (mod_rewrite does nothing until the engine is switched on, so the first line is required):

RewriteEngine On
RewriteRule ^(.*)$ index.html [L]

Add this to httpd-vhosts.conf


<VirtualHost *:80>
DocumentRoot "/Users/bob/projects/someproject"
ServerName server.example.com
<Directory "/Users/bob/projects/someproject">
AllowOverride All
</Directory>
</VirtualHost>

Finally make sure you have this in httpd.conf

LoadModule rewrite_module modules/mod_rewrite.so

http://httpd.apache.org/docs/2.2/mod/core.html
http://stackoverflow.com/questions/13737738/rewriterule-for-index-page-in-localhost

Monday, December 17, 2012

Load testing Web Applications and Client Side Javascript


Two topics here.
 load testing on the server
 load testing on the front end

Load testing on the Server.
http://jmeter.apache.org/
http://grinder.sourceforge.net/

This is kind of in the middle.
For load testing the server, verifying responses, and interacting with the page returned, Multi-mechanize looks pretty sweet. It's a Python library that reminds me of Selenium somewhat.
http://testutils.org/multi-mechanize/scripts.html

Load testing on the front end

Jiffy is an end-to-end real-world web page instrumentation and measurement suite. Jiffy is a novel idea among load testing tools: instead of measuring the performance of the web server, it measures the time it takes to load the web page on the client and run the JavaScript.
http://code.google.com/p/jiffy-web/

This would probably be a nice setup at a company if you had a great set of selenium tests that were maintained. This would most likely take a while to run and by running them in parallel you could definitely speed up the process.
http://selenium-grid.seleniumhq.org/
http://selenium-grid.seleniumhq.org/setting_up_selenium_grid_on_ec2.html

Selenium RC is a project for language bindings to selenium. http://seleniumhq.org/projects/remote-control/

If you have money to throw at the problem, this may be of interest. http://www.crunchbase.com/company/browsermob

Cookies are disabled?


A standard way of checking for cookie support is via a redirect.

For reasons I'll explain below, I think it's best to do a cookie check only when the user initiates an action that would require a cookie such as attempting to log in, or adding something to their cart.

First, the server checks the login data as normal - ie if the login data is wrong the user receives that feedback as normal. It immediately responds with a cookie, and a redirect to a page which is designed to check for cookie preferences - which may just be the same URL but with some flag added to the query string. This next page will then check to see if the client sent any cookie. If not, then the user receives a message stating that a cookie was not received and they should probably try to enable cookies if they want to log in.

Now for why I only do a cookie test after a user-initiated action other than simply loading a page. I have seen sites implement a cookie test on every single page, not realising that this is going to have effects on things like search engines trying to crawl the site. That is, if a user has cookies enabled, then the test cookie is set once, so they only have to endure a redirect on the first page they request and from then on there are no redirects. However, for any browser or other user-agent, like a search engine, that doesn't return cookies, every single page could have a redirect. While it'll still work and a lot of the time users won't see any difference, it is a lot more overhead and load than necessary.

Another method of checking for cookie support is with Javascript - this way, no redirect is necessarily needed - you can write a cookie and read it back virtually immediately to see if it was stored and then retrieved. The downside to this is it runs in script - ie if you still want the message about whether cookies are supported to get back to the server, then you still have to organise that - such as with an Ajax call.

For my own application, I implement some protection for 'Login CSRF' attacks, a variant of CSRF attacks, by setting a cookie containing a random token on the login screen before the user logs in, and checking that token when the user submits their login details. Read more about Login CSRF from Google. A side effect of this is that the moment they do log in, I can check for the existence of that cookie - an extra redirect is not necessary.

http://stackoverflow.com/questions/531393/how-to-detect-if-cookies-are-disabled-is-it-possible
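
The pre-login token check from the last paragraph above, as an added Python example (not code from this post or the linked answer). The cookie name `login_csrf`, the function names, and the hidden form field that carries a copy of the token are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "login_csrf"  # hypothetical cookie name


def render_login_form():
    """GET /login: issue a random token both as a cookie and as a hidden form field."""
    token = secrets.token_urlsafe(32)  # unguessable, and made only of cookie-safe characters
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True
    cookie[COOKIE_NAME]["secure"] = True      # cookie is only sent back over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Strict"
    # Value for the Set-Cookie response header, plus the token to embed in the form.
    return cookie[COOKIE_NAME].OutputString(), token


def check_login_post(cookie_header, form_token):
    """POST /login: classify the request before the credentials are evaluated."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE_NAME not in jar:
        # The cookie set on the form page never came back: cookies are disabled.
        # This is the side effect the post mentions, so no extra redirect is needed.
        return "cookies_disabled"
    cookie_token = jar[COOKIE_NAME].value
    # Constant-time comparison of the cookie copy against the form copy.
    if not form_token or not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return "csrf_rejected"
    return "ok"
```

A cross-site form can make the browser submit a login request, but it cannot read the victim's cookie to put the matching value into the form field, so a forged login fails the comparison.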

Unique Short URLs


Today I was trying to create a unique short url.

I was using the UUID class provided by java earlier for id generation. This produced ids that were too large for our purposes.
So they recommended using something they were using on another project, hash(ip + timeofvisit)
I ended up using sha1(ip + timeofvisit), cut this in half from a 20 byte[] to ten bytes. Finally base64 encode the bytes into a url safe string.

Later I got into a discussion about why I was using base 64 encoding to shorten the length of the string. Here it goes.
My point was that if you start off with the MD5 hash (which produces a 128-bit digest) in a byte[],
then of the two representations, hex-coded string and base64 encoding, the base64 version would be the smaller string.

My partner argued the below:
As this shows base64 encoding a STRING obviously causes it to get larger.

dhcp199:apache-tomcat-7.0.33 randy$ php -r "echo md5('123').PHP_EOL; echo base64_encode(md5('123')).PHP_EOL;"
202cb962ac59075b964b07152d234b70
MjAyY2I5NjJhYzU5MDc1Yjk2NGIwNzE1MmQyMzRiNzA=

Here below you see my point. By passing true for raw_output the base64 encoded version is shorter.


randys-MacBook-Air:~ randy$ php -r "echo md5('123').PHP_EOL; echo base64_encode(md5('123', true)).PHP_EOL;"
202cb962ac59075b964b07152d234b70
ICy5YqxZB1uWSwcVLSNLcA==
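
Both sides of the argument and the truncated SHA-1 id described above, as an added Python example (not the Java code used on the project). The function names and the sample IP/timestamp are constructed; `short_id_random` is an added alternative for the case where a link must not be guessable, since an id derived from IP and visit time is only unique-looking, not secret.

```python
import base64
import hashlib
import secrets


def b64url(raw: bytes) -> str:
    """URL-safe base64 without '=' padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def encodings_of_md5(text: str) -> dict:
    """The three strings compared in the discussion above."""
    digest = hashlib.md5(text.encode()).digest()  # 16 raw bytes (128 bits)
    hex_str = digest.hex()                        # 32 characters
    return {
        "hex": hex_str,
        # Partner's case: base64 of the 32-character hex STRING (gets longer).
        "b64_of_hex_string": base64.b64encode(hex_str.encode()).decode(),
        # Author's case: base64 of the 16 raw BYTES (gets shorter than hex).
        "b64_of_raw_bytes": base64.b64encode(digest).decode(),
    }


def short_id_from_visit(ip: str, time_of_visit: str) -> str:
    """sha1(ip + timeofvisit), first 10 of the 20 bytes, URL-safe base64."""
    digest = hashlib.sha1((ip + time_of_visit).encode()).digest()
    return b64url(digest[:10])  # 80 bits -> 14 characters


def short_id_random() -> str:
    """Same length, but drawn from the OS CSPRNG instead of guessable inputs."""
    return b64url(secrets.token_bytes(10))


if __name__ == "__main__":
    for name, value in encodings_of_md5("123").items():
        print(f"{name:18} {len(value):2} {value}")
    print(short_id_from_visit("203.0.113.7", "2012-12-17T10:15:00Z"))  # constructed input
    print(short_id_random())
```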


Good python code on here for generating unique random looking ids from some sequential key
https://github.com/adecker89/Tiny-Unique-Identifiers/blob/master/tuid.py

Monday, December 3, 2012

Illegal Characters in Cookies

Today I had an issue when setting a cookie in the browser where the server would simply not recognize that I had set the cookie. I was running Tomcat 7 and after a bunch of debugging I realized that it was because I had an @ sign in the cookie value. Interestingly, Tomcat didn't show an error; it just ignored the cookie, which was quite annoying.


setValue

public void setValue(String newValue)
Assigns a new value to a cookie after the cookie is created. If you use a binary value, you may want to use BASE64 encoding. With Version 0 cookies, values should not contain white space, brackets, parentheses, equals signs, commas, double quotes, slashes, question marks, at signs, colons, and semicolons. Empty values may not behave the same way on all browsers.
Parameters:
newValue - a String specifying the new value
See Also:
getValue(), Cookie
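
A check for the Version 0 restrictions quoted above, with an encoding that satisfies them, as an added Python example (not Tomcat's or the Servlet API's code). Standard base64 itself emits `/` and `=`, both on the forbidden list, so the example uses the URL-safe alphabet and drops the padding; the function names and sample values are constructed.

```python
import base64

# Characters the quoted Javadoc lists as unsafe in Version 0 cookie values
# (white space is handled separately below).
V0_FORBIDDEN = set('[]()=,"/?@:;')


def is_v0_safe(value: str) -> bool:
    """True if every character is printable ASCII, not white space, not forbidden."""
    return all(33 <= ord(c) <= 126 and c not in V0_FORBIDDEN for c in value)


def to_cookie_value(text: str) -> str:
    """Encode arbitrary text so it passes the Version 0 rules."""
    raw = text.encode("utf-8")
    # URL-safe alphabet replaces '+' and '/' with '-' and '_'; padding '=' is stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def from_cookie_value(value: str) -> str:
    """Reverse to_cookie_value, restoring the padding that was stripped."""
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


if __name__ == "__main__":
    original = "randy@example.com"  # constructed value containing an at sign
    encoded = to_cookie_value(original)
    print(is_v0_safe(original), is_v0_safe(encoded), encoded)
    print(from_cookie_value(encoded))
```

Validating with `is_v0_safe` before setting the cookie turns the silent drop described in this post into an error you can see on the server side.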