1、20-755: The Internet Lecture 10: Web Services III,David OHallaron School of Computer Science and Department of Electrical and Computer Engineering Carnegie Mellon UniversityInstitute for eCommerce, Summer 1999,Todays lecture,Anatomy of a simple Web server (40 min) Break (10 min) Advanced server feat
2、ures (45 min),Anatomy of Tiny: A simple Web server,#!/usr/local/bin/perl5 -w use IO:Socket; # # tiny.pl - The Tiny HTTP server #,Tiny: configuration,# # Configuration # $port = 8000; # the port we listen on $htmldir = “./html/“; # the base html directory $cgidir = “./cgi-bin/“; # the base cgi direct
3、ory $server = “Tiny Web server 1.0“; # server info,Tiny: error messages,# # Error messages # # Terse error messages go in the response header %terse_errors = ( “403“, “Forbidden“, “404“, “Not Found“, “501“, “Not Implemented“, ); # Verbose error messages go in the response message body %verbose_error
4、s = ( “403“, “You are not allowed to access this item“, “404“, “Tiny couldnt find the requested item on the server“, “501“, “Tiny does not support the given request type“, );,Tiny: Create a listening socket,# # Create a TCP listening socket file descriptor # # LocalPort: list on port $port # Type :
5、use TCP # Resuse : reuse address right away # Listen : buffer at most 10 requests # $listenfd = IO:Socket:INET-new(LocalPort = $port, Type = SOCK_STREAM, Reuse = 1, Listen = 10) or die “Couldnt listen on port $port: $n“;,Tiny: main loop structure,# # Loop forever waiting for HTTP requests # while(1)
6、 # Wait for a connection request from a client $connfd = $listenfd-accept(); # Determine the domain name and IP address of this client # Parse the request line (after stripping the newline) # Parse the URI# Parse the request headers# OPTIONS method# HEAD method# GET method# misc: POST, PUT, DELETE,
7、and TRACE methods ,Tiny: error procedure,# # error - send an error message back to the client # $_0: the error number # $_1: the method or URI that caused the error # sub error local($errno) = $_0; local($errmsg) = “$errno $terse_errors$errno“; print $connfd $errmsg $errmsg $verbose_errors$errno: $_
8、1 The Tiny Web Server EndOfMessage ,Tiny: get clients name and address,# Determine the domain name and IP address of this client $client_sockaddr = getpeername($connfd); ($client_port, $client_iaddr) = unpack_sockaddr_in($client_sockaddr); $client_port = $client_port; # so -w wont complain $client_n
9、ame = gethostbyaddr($client_iaddr, AF_INET); ($a1, $a2, $a3, $a4) = unpack(C4, $client_iaddr); print “Opened connection with $client_name ($a1.$a2.$a3.$a4)n“;,Tiny: parsing the request line,# Parse the request line (after stripping the newline) chomp($line = ); ($method, $uri, $version) = split(/s+/
10、, $line); print “received $linen“;,Tiny: parsing the URI,# # Parse the URI # # Either the URI refers to a CGI program. if ($uri = m:/cgi-bin/:) $is_static = 0; # extract the program name and its arguments ($filename, $cgiargs) = split(/?/, $uri); if (!defined($cgiargs) $cgiargs = “; # replace /cgi-b
11、in with the default cgi directory $filename = s:/cgi-bin/:$cgidir:o; ,Tiny: Parsing the URI,# . or the URI refers to a file else $is_static = 1; # static content $cgiargs = “; # replace the first / with the default html directory $filename = $uri; $filename = s:/:$htmldir:o; # use index.html for the
12、 default file $filename = s:/$:/index.html:; # debug statements like this will help you a lot print “parsed URI: is_static=$is_static, filename=$filename, cgiargs=$cgiargsn“;,Tiny: parsig the request headers,# # Parse the request headers # $content_length = 0; $content_type = “text/html“; while () #
13、 read request header into $_ # Delete CR and NL chars s/n|r/g; # delete CRLF and CR chars from $_ # Determine the length of the message body # search for “Content-Length:“ at beginning of string $_ # ignore the case if (/Content-Length: (S*)/i) $content_length = $1; ,Tiny: parse the command line (co
14、nt),# determine the type of content (if any) in msg body # search for “Content-Type:“ at beginning of string $_ # ignore the case if (/Content-Type: (S*)/i) $content_type = $1; # If $_ was a blank line, exit the loop if (length = 0) last; ,Tiny: OPTIONS,# # OPTIONS method # if ($method eq “OPTIONS“)
15、 $today = gmtime().“ GMT“; $connfd-print(“$version 200 OKn“); $connfd-print(“Date: $todayn“); $connfd-print(“Server: $servern“); $connfd-print(“Content-length: 0n“); $connfd-print(“Allow: OPTIONS HEAD GETn“); $connfd-print(“n“); ,Tiny: HEAD,# # HEAD method # elsif ($method eq “HEAD“) # were dissallo
16、wing HEAD methods on scripts if (!$is_static) error(403, $filename); else $today = gmtime().“ GMT“; head_method($filename, $uri, $today, $server); ,Tiny: HEAD (cont),# # process the HEAD method on static content # $_0 : the file to be processed # $_1 : the uri # $_2 : todays date # $_3 : server name
17、 # sub head_method local ($filename) = $_0; local ($uri) = $_1; local ($today) = $_2; local ($server) = $_3; local $modified; local $filesize; local $filetype;,Tiny: HEAD (cont),# make sure the requested file exists if (!(-e $filename) error(404, $uri); # make sure the requested is readable elsif (!
18、(-r $filename) error(403, $uri); ,Tiny: HEAD (cont),# serve the response header but not the file else # determine file modifcation date $modified = gmtime(stat($filename)9).“ GMT“; # determine filesize in bytes $filesize = (stat($filename)7; # determin filetype (default is text) if ($filename = /.ht
19、ml$/) $filetype = “text/html“; elsif ($filename = /.gif$/) $filetype = “image/gif“; elsif ($filename = /.jpg$/) $filetype = “image/jpeg“; else $filetype = “text/plain“; ,Tiny: HEAD (cont),# print the response header $connfd-print(“HTTP/1.1 200 OKn“); $connfd-print(“Date: $todayn“); $connfd-print(“Se
20、rver: $servern“); $connfd- print(“Last-modified: $modifiedn“); $connfd- print(“Content-length: $filesizen“); $connfd-print(“Content-type: $filetypen“); print(“n“); # CRLF required by HTTP standard # end of else # end of procedure,Some Tiny issues,How would you serve static and dynamic content with G
21、ET? How would you serve dynamic content with POST? How safe are your CGI scripts? hint: consider the impact of allowing “” in URIs.,Break time!,Fish,Todays lecture,Anatomy of a simple Web server (40 min) Break (10 min) Advanced server features (45 min),Cookies,An HTTP session is a sequence of reques
22、t and response messages between a client and a server. Regular HTTP sessions are stateless Each request/response pair is independent of the others Cookies are a mechanism for creating stateful sessions (RFC 2109) Allows servers and CGI scripts to maintain state information (e.g., which items are in
23、a shopping cart) during a session. Based on HTTP Set-Cookie (server-client) and Cookie (client-server) headers.,Cookies,server,client,request 1,Client initiates request to server.,server,client,response 1 (Set-Cookie),Server includes a Set-Cookie header in the HTTP response that contains info (the c
24、ookie) the identifies the user. The client stores the cookie on disk.,Cookies,server,client,request 2 (Cookie),Next time the client sends a request to the server, it includes the cookie as a Cookie header in the HTTP request message.,server,client,response 2 (Set-Cookie),The server incorporates any
25、relevant new info from request 2 into the Set-Cookie header in response 2.,Cookie example (from RFC 2109),Initially the client has no stored cookies.Client - server POST /acme/login HTTP/1.1 form data user identifies self in form data Server - client HTTP/1.1 200 OK Set-Cookie: Customer=“WILY_COYOTE
26、”; path= “/acme” cookie identifies user client stores cookie for the next request to this server,Cookie example (cont),Client - server POST /acme/pickitem HTTP/1.1 Cookie: Customer=“WILY_COYOTE”; $Path = “/acme” form data User selects an item for a “shopping basket” Server - client HTTP/1.1 200 OK S
27、et-Cookie: Part_Number=“Rocket_Launcher_0001” path=“/acme” Server remembers that shopping basket contains an item,Cookie example (cont),Client - server POST /acme/shipping HTTP/1.1 Cookie: Customer=“WILY_COYOTE”; $Path=“/acme” Part_Number=“Rocket_Launcher_0001”; $Path=“/acme” form data user selects
28、a shipping method from form Server - client HTTP/1.1 200 OK Set-Cookie: Shipping=“FedEx”; path=“/acme”,Cookie example (cont),Client - server POST /acme/process HTTP/1.1 Cookie: Customer=“WILY_COYOTE”; $Path=“/acme”; Part_Number=“Rocket_Launcher_0001”; $Path=“/acme”; Shipping=“FedEx”; $Path=“/acme” f
29、orm data user chooses to process order Server - client HTTP/1.1 200 OK transaction complete,Cookies,Cookies are groups by the URI pathname in the request headers (in this case /acme) The server adds cookies to the client in the response headers. The server an implicitly delete cookies by setting an
30、expiration data in the Set-Cookie header (not shown in previous example),Applications and implications of cookies,Click tracking can be used to correlate a users activity at many different sites. D pays a web site to place an tag on the sites page. Causes an advertising banner and a cookie from D to
31、 be loaded into the client when the sites page is referenced. Firms like Doubleclick maintain a unique id per client machine, but have no way to determine the users name or other info unless the user supplies it.,Applications of cookies,Content customization Cookies can be used to remember user pref
32、erences and customize content to suit those preferences. Firms like Doubleclick can record past browsing patterns and target advertising based on the reference pattern and where they are currently browsing.,Refer links,User looking at page www.cs.cmu.edu/droh/755/foo.html clicks a link to kittyhawk.
33、cmcl.cs.cmu.edu/bar.html Browser sends a referer (sic) header to identify the source page of the request,GET /bar.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */* Referer: http:/www.cs.cmu.edu/
34、droh/755/foo.html Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98) Host: kittyhawk.cmcl.cs.cmu.edu:8000 Connection: Keep-Alive,Applications of refer links,Allows advertisers to gauge the effectiveness of ads they place on other sites.
35、Allows the kind of 3rd party referral businesses like BeF.,Log files, - - 14/Jul/1999:20:14:38 -0400 “GET /people/faculty/dohallaron HTTP/1.0“ 301 375 “http:/www.ecom.cmu.edu/people/faculty/“ “Mozilla/4.05 en (WinNT; I)“ inet-fw1- - - 15/Jul/1999:02:58:10 -0400 “GET /people/faculty/dohallaron HTTP/1
36、.0“ 301 375 “http:/www.ecom.cmu.edu/people/faculty/“ “Mozilla/4.06 en (WinNT; U)“ - - 15/Jul/1999:16:35:59 -0400 “GET /people/faculty/dohallaron HTTP/1.0“ 301 375 “http:/www.ecom.cmu.edu/people/faculty/“ “Mozilla/4.04 enC-c32f404p (Win95; I)“ - - 16/Jul/1999:16:04:18 -0400 “GET /people/faculty/doh
37、allaron HTTP/1.0“ 301 375 “http:/www.ecom.cmu.edu/people/faculty/“ “Mozilla/4.06 en (Win95; I)“ - - 22/Jul/1999:16:03:51 -0400 “GET /people/faculty/dohallaron/droh.quake.gif HTTP 1.0“ 200 14336 “http:/www.ecom.cmu.edu/people/faculty/dohallaron/“ “Mozilla/4.6C-CCK-MCD en (X,Implications of logs,Cont
38、ain a great deal of personal information about the browsing patterns of people inside and outside a site. Important issue?Who has access to logs? How is the log information being used?,Virtual hosting,Virtual hosting allows one web server to serve requests for multiple domains. Allows ISPs to provid
39、e customers with their own “vanity” sites. Each eCommerce student has their own virtual Web server running at .student.ecom.cmu.edu. e.g., http:/zak.student.ecom.cmu.edu equivalent to http:/euro.ecom.cmu.edu/zack,Virtual hosting: How it works,Configure DNS so that all virtual hosts have the same IP
40、address e.g., each eCommerce student site has the IP address 128.2.218.2 (same as euro.ecom) verify this yourself with nslookup Server maintains a list of (domain name, directory tree) pairs in a hash. Server sets base html and cgi directories according to the target domain name.,Virtual hosting,www
41、,cgi-bin,html,zak,www,cgi-bin,html,elenak,www,cgi-bin,html,mansoo,server,Requests to 128.2.218.2,zak.student.ecom.cmu.edu,elenak.student.ecom.cmu.edu,Server-side includes,Server mechanism that inserts dynamic or static content directly into an HTML document.,some htmlsome more html,some htmlsome more html,
