This is a very basic HTTP server, designed for real-time server-sent
event streams. BEWARE: the server offers little to no security
features.

The server supports:
- the standard HTTP "GET" method for retrieval of events.
- a custom "UPDATE" method to send events.
- HTTP 1.0 and 1.1 connections. HTTP 1.1 uses chunked mode.

The server is hard-coded to listen on TCP *:1180.

Design
------
The design concept is:

public   ------ apache reverse ----- event  ------ data gathering
internet        proxy httpd          server        application

The reverse proxy is responsible for controlling public access to the
event streams served by the mini-httpd event server; the event server
itself should not be publicly accessible.

Security
--------
Virtually none inherent to the server; if you can connect to the server
you can read and write the event stream. However, the server does detect
a connection forwarded through Apache (via the X-Forwarded* headers)
and denies the UPDATE command on such connections.

Bugs
----
- Does not treat request header fields case-insensitively
- Does not honour the Expect: 100-continue header
- Probably many more.
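
HTTP header field names are case-insensitive, so the X-Forwarded* check
described under Security has to match any capitalization to be reliable.
The sketch below is an added example, not code from this server: a Python
method gate that lowercases header names before testing for the prefix and
fails closed on malformed headers. The /events path, the function names and
the sample requests are assumptions constructed for illustration.

```python
# Added example (not this server's code): GET/UPDATE gate behind a proxy.
# Apache mod_proxy adds X-Forwarded-For, X-Forwarded-Host and
# X-Forwarded-Server; header names are compared lowercased because HTTP
# field names are case-insensitive.
FORWARDED_PREFIX = "x-forwarded"


def parse_head(raw: bytes):
    """Return (method, {lowercased name: value}) or None if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return None  # fail closed on anything that is not "name: value"
        headers[name.strip().lower()] = value.strip()
    return parts[0], headers


def allow(raw: bytes) -> bool:
    """GET is always served; UPDATE only on connections that were not proxied."""
    parsed = parse_head(raw)
    if parsed is None:
        return False
    method, headers = parsed
    if method == "GET":
        return True
    if method == "UPDATE":
        return not any(n.startswith(FORWARDED_PREFIX) for n in headers)
    return False  # every other method is refused


# Constructed sample requests; the /events path is hypothetical.
DIRECT_UPDATE = b"UPDATE /events HTTP/1.1\r\nHost: localhost:1180\r\n\r\n"
PROXIED_UPDATE = (b"UPDATE /events HTTP/1.1\r\nHost: example.org\r\n"
                  b"x-forwarded-for: 203.0.113.7\r\n\r\n")
PROXIED_GET = (b"GET /events HTTP/1.0\r\nHost: example.org\r\n"
               b"X-Forwarded-Host: example.org\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("direct UPDATE", DIRECT_UPDATE),
                      ("proxied UPDATE", PROXIED_UPDATE),
                      ("proxied GET", PROXIED_GET)]:
        print(name, "->", "allow" if allow(req) else "deny")
```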