Wednesday, April 6, 2011

How to implement HTTP Tunneling

Hi all,

I've written a Flash (Flex) client connecting to a back-end server to exchange data.

I've also written my server from scratch, and it serves two purposes:

(1) Web (HTTP) Server - By default listens on port 80

(2) Socket/Application Server - By default listens on port 443

Just FYI, both servers run in the same process space, for convenience reasons. They are not expected to handle massive loads, so I'm fine with that.

As soon as the Flash client is served to the browser from the HTTP socket, the client attempts to open an XMLSocket to the Socket/Application server.

I now want to implement HTTP tunneling, so that my client can connect to the Application server even if the user is behind a firewall. I do not want any external servers involved (proxies etc.) - simply use the servers I already have.

My questions:

(1) Is it better to use port 443 for that? (does it better fool firewalls?)

(2) As far as I can see, what I am required to do is just ensure that my actual application data is simply encapsulated in an HTTP structure (preceded by a dummy HTTP header), both from the client and server sides. Is that so, or am I missing anything here?

(3) Do I need to keep hiding/encapsulating my data every message I send through the socket, or can I just encapsulate the first message when opening the connection?

Thanks in advance guys! Fuzz

From stackoverflow
  • Don't reinvent the wheel - use remoting via the AMF protocol. AMF is an HTTP-based binary format that performs serialization between ActionScript (MXML) and server-side languages. Technically, this is HTTP tunneling. Adobe offers BlazeDS (open source) and LCDS (commercial) implementations of AMF for AS/Java, but there are third-party implementations of AMF for AS/PHP, AS/Python, AS/Ruby, AS/.Net.

    BTW, AMF is an open source format.

    Fuzzy : Thanks Yakov, I'll read about it, although I have a feeling this will involve running another proxy/server/process, which I have no intention to do. My web server runs in an embedded environment. There is a reason I wrote it from scratch, and that is in order to have full control over it, with minimal overhead. Another server/service is unacceptable in my case I'm afraid.
    Fuzzy : OK, I've read about AMF, BlazeDS and LCDS. Essentially this is a killer overshoot for me, as it provides something I don't need (object remoting, since I use my own XML content for communications and don't send too many objects, just simple commands/replies), but more importantly this does *not* seem to replace HTTP tunneling at all. The whole idea about tunneling is that it bypasses firewalls. I could not find any evidence that your proposed technologies answer that need.
    Yakov Fain : To the best of my knowledge, during the last 8 years no firewalls restrict AMF (binary) content. Your Flex app talks to a BlazeDS/LCDS servlet over port 80 or 443. You don't need to use a proxy unless your Flex app needs to connect to a 3rd party server that doesn't have a crossdomain.xml with proper permissions.
