I am trying to run a HTTP server in my LAN and want to access it by using a browser on another desktop machine. As I do not like typing the IP address and port manually I tried setting up a mDNS using jmDNS.
String type = "_http._tcp.local.";
jmdns = JmDNS.create();
jmdns.addServiceListener(type, listener = new ServiceListener() {
#Override
public void serviceResolved(ServiceEvent ev) {
Log.d(LogTag.SERVER, "Service resolved: " + ev.getInfo().getQualifiedName() + " port:"
+ ev.getInfo().getPort());
}
#Override
public void serviceRemoved(ServiceEvent ev) {
Log.d(LogTag.SERVER, "Service removed: " + ev.getName());
}
#Override
public void serviceAdded(ServiceEvent event) {
// Required to force serviceResolved to be called again (after the first search)
jmdns.requestServiceInfo(event.getType(), event.getName(), 1);
}
});
serviceInfo = ServiceInfo.create(type, NAME, PORT, "test service");
jmdns.registerService(serviceInfo);
The mDNS entry shows up on ZeroConf Browser app just fine. The server is reachable by IP and port just fine.
On Windows 7 typing the name with the .local TLD (= http://roseblade.local/) into any address bar (Firefox, Chrome, Safari, IE) does not do much and from what my research shows is pretty much a futile task anyway. I installed Apple Bonjour but that only help running Hobbyist Software's Bonjour Browser.
As far as Linux goes I tried the same with elemantaryOS and Midori but that also did not work.
OSX or iOS is currently not available to me.
How can I get the resolution of the .local address to work in my browser (Firefox, Chrome, whatever on Linux, OSX or Windows7)? Am I doing something wrong? At this point I would just like to verify that mDNS can work like that on a system.
Pointers to material on the issue are also appreciated.
mDNS and Bonjour can be a little confusing because they actually encompass a few different functionalities. Service discovery, which I believe is what you have implemented, is one. Resolving an address--which is what you're looking for--is separate, and needs to be solved separately. Once you have address resolution working, you can point your service discovery at the DNS records provided by your resolver.
mDNS address resolution works by multicasting a DNS query over the network. By binding to a UDP port, listening for queries, and answering them, you can provide DNS records to mDNS clients. To do this, you can use an existing mDNS server like avahi-daemon, or, if you need custom functionality or integration with your application, implement one using something like Node.js's multicast-dns.
However, in my experience, this has been rather flakey. Some network configurations interfere with mDNS resolution, as do some OSes (eg. iOS 8, see the whole debate around discoveryd vs. mDNSResponder).
Related
I want to know the IP of a public domain name like stackoverflow.com e.g. using my esp8266.
I know there is a method WiFi.hostByName("www.stackoverflow.com",IP);
But this does not allow me to specify a particular specified DNS like 8.8.8.8
And I don't want to connect my esp8266 by specifying a primary and secondary DNS, instead it will get these info automatically from the router.
I want this procedure to overcome an issue with my esp8266. So I need to get the IP from a specified DNS server.
I have seen this interesting library but it uses EthernetUDP which I shouldn't be dealing with.
I tried the following :
#include <Dns.h>
#include <ESP8266WiFi.h>
void setup() {
WiFi.begin("SSID", "password");
DNSClient dnClient;
IPAddress IPtofind;
const IPAddress DNS_IP( 8, 8, 8, 8 );
dnClient.begin( DNS_IP );
if(dnClient.getHostByName("stackoverflow.com", IPtofind) == 1) {
Serial.println(IPtofind);
}
else Serial.print(F("dns lookup failed"));
}
but the compiler complains about
static void EthernetClass::begin(uint8_t*, IPAddress, IPAddress, IPAddress, IPAddress)
and it has the right for that.
Do you have any simple solution ?
It really should be simple I feel !
The esp8266 core for Arduino doesn't have setDNS like the WiFi libraries from Arduino, even if it should have the same API.
To set the DNS server without static IP configuration to change the DNS obtained by DHCP, you could use the espconn_dns_setserver function of the underlying SDK.
Our application hosted on Google App Engine Node.js (Flexible Environment). We are now under review of security inspection and failing on the issue that Google App Engine supports TLS 1.0 and 1.1 versions.
Is there a way to enforce the use of only TLS 1.2? And also block ciphers that are below 128 bit?
So I also came up against this problem...and found that GCP weren't that helpful. They'll helpfully restrict at a domain level if a support ticket is put forwards....which resolves the security concern...but you'll still get false positives which need explaining at every penetration test (the GAE shared IPs accept other version of TLS for other domains).
For a nice clean solution; use Cloudflare for your DNS. They essentially act as a middleman/web application firewall. Amongst other things (free certificates, WAF, DDOS mitigation, CDN, HTTPS force, HSTS etc etc etc), you're able to set the minimum TLS version as you wish. Mine is now minimum TLS 1.2, supporting TLS 1.3 if the browser accepts it. I've also essentially only got port 80/443 on GAE connected to cloudflare, with no public access at all, as all traffic goes through cloudflare first. Pretty neat - zero ports open to the public and a fully operations website! The pen test guys just scratched their heads and packed up.
Oh...and FYI - it's free for this level of configuration. Happy security testing ;-)
I can confirm that you can make a request to google support and it takes up to 4 weeks to make the change. Not sure why. Hopefully they can speed things up in the future. But alternatively you can handle this logic at the application layer (in middleware) rather than the network layer. See snippet below:
// using NODEJS + TYPESCRIPT
// disable tls 1.0 and 1.1 weak ciphers
this.app.use((req, res, next) => {
// const cipher = ((req.socket) as TLSSocket).getCipher()
const protocol = ((req.socket) as TLSSocket).getProtocol()
// console.log('cipher: ', cipher);
// output eg: { name: 'ECDHE-RSA-AES128-GCM-SHA256', version: 'TLSv1/SSLv3' }
console.log('protocol: ', protocol);
// output eg: TLSv1.2
if (protocol === 'TLSv1.2' || protocol === 'TLSv1.3') {
next();
} else {
res.status(426);
res.send('request requires TLSv1.2 or greater, please upgrade');
}
});
I've not tried this so I can't guarantee it would work, but it seems like you could use a HTTP(S) Load Balancer. The SSL policies are configurable such that it would likely meet the requirements of your security review.
We know an iOS app can connect to Wifi with CaptiveNetwork reference. As described in some related post: Connect WiFi Network via App.
Is there any similar library to help a Windows app to view exising wifi around and get connected?
Yes. There's the Windows.Devices.Wifi namespace. (Details here https://msdn.microsoft.com/en-us/library/windows/apps/windows.devices.wifi.aspx?f=255&MSPPError=-2147217396 )
It offers Methods to list networks and a method called ConnectAsync() to connect. I once coded a sample here (it also covers other stuff): https://github.com/DanielMeixner/w10demoking/blob/master/Windows10DemoKing/wifi.xaml.cs
The magic lines of code are
using Windows.Devices.WiFi;
// create network adatper instance (see sample code in link above) ...
var nw = nwAdapter.NetworkReport.AvailableNetworks.Where(y => y.Ssid.ToLower() == "myssid").FirstOrDefault();
await nwAdapter.ConnectAsync(nw, WiFiReconnectionKind.Automatic);
My public web app has a special servlet to generate a digest of published documents and saves them to a configured file path on server. This servlet must only be available by ip's specified by administrator of the app.
My hope is/was that this kind of stuff could be configured via tomcats security manager (a special servlet/ url should only be "listen" to a specific ip-(range)). Is this possible?
Or in general: i don't want to implement "security" in my code (the servlet it self could filter the ip). it should be a matter of container configuration or system configuration.
so how to achieve that
Tomcat already comes with Remote Address Filter valve that filters all requests to match a pattern. If you only need to provide filtering for a single URI, it is probably best to extend RequestFilterValve class and embed the logic in the extension. Something like this should work (haven't tested locally but you should be able to get the idea):
public class YourValve extends org.apache.catalina.valves.RequestFilterValve {
public void invoke(Request request, Response response) throws IOException, ServletException {
if (request.getRequestURI().startsWith("/path/to/your/secure/servlet") {
process(request.getRequest().getRemoteAddr(), request, response);
} else {
// no need to filter anything
}
}
}
You would have to configure this valve to provide allow regex, as explained in Remote Address Filter documentation. It could be something like
<Valve className="YourValve" allow="127\.\d+\.\d+\.\d+"/>
(above only allows localhost)
This article, chapter 4.1 explains how to install valves.
I've used Selenium ide to record test cases, export them to Groovy source, modify as necessary and run them. The default code expects a server on localhost, I'd like to use a server on a remote machine. How can I do this? When looking at the doc for GroovySeleneseTestCase it does not appear there is a setUp() method that allows you to use a remote server. The only option I can think of is setting a server host and port through the default selenium object in my setUp() method but am not sure how to do this.
In Java:
HttpCommandProcessor processor = new HttpCommandProcessor("localhost", 3300, browserName, appBaseURL);
selenium = new CustomSelenium(processor, browserName, waitToLoadTimeout, waitForConditionTimeout);
selenium.start();
just replace localhost and 3300 by the server's address and the correct port. I don't know Groovy, but it shouldn't be much different. Of course, the server has to be started first and the firewall configured.
In order to get this to work I had to create a custom instance of GroovySelenium, assign it to the test class, and not call the super.setUp method. Code example follows.
void setUp(String selServer, int selPort, String browser, String basePath) throws Exception {
def tempSel=new DefaultSelenium(selServer, selPort, browser, basePath)
selenium= new GroovySelenium(tempSel)
selenium.start()
setDefaultTimeout(30000)
setCaptureScreenshotOnFailure(false)
}
Assuming you have this setup method in a class called MyTest, want to test google.com using a selenium server with host name myserver, port 5555, and using internet explorer as the browser the following code would work.
test=New MyTest()
test.setUp("myserver",5555,"*iexplore","http://www.google.com")
test.testMyTest()