JanaServer - Forum » Tools for JanaServer 2 » Recommended tools by you » Jana Loopback Filter for Proxy Security
Print Page | Recommend to Friend | Add Thread to Favorites
Post New Thread Post Reply
Author
Post « Previous Thread | Next Thread »
mikew mikew is a Male
Super Moderator




Registration Date: 17.09.2004
Jana Loopback Filter for Proxy Security Post Reply with Quote Edit/Delete Post Report Post to a Moderator       IP Information Go to the top of this page

Thomas Hauck (the author of JanaServer) and I have written a small ISAPI filter plugin for the Jana proxy server.

Purpose of the filter is to enhance the security of Jana proxy installations. Therefore the filter has the following configurable features:

  • blocks access to services running only locally (e.g. Jana monitor and administration, Windows file sharing) on the proxy through the proxy itself [recommended setting = 1]
  • blocks access to Jana administration (if only bound to localhost) [recommended setting = 1]
  • allows to restrict the host ports of the HTTP CONNECT method and therefore makes it harder to "tunnel" the proxy [recommended setting = 1, allowed port only 443]
  • blocks Jana special actions (like /jana_mail or /jana_dail) [recommended setting = 0]
  • blocks simple HTTP clients (e.g. telnet) that do not properly set the Host header field. [recommended setting=0]

All features can be separately configured (activated/deactivated) in the JanaLoopbackFilter.ini file.


Installation
Download this Zip file and decompress it into the Jana directory.

Edit the configuration file JanaLoopbackFilter.ini and adapt it to your needs.

Enter the Path to the filter DLL in the Jana administration "server types -- proxy -- ISAPI" [I do not use the English Jana version, so a mod might adapt this to be correct]
Example: c:\program files\jana2\JanaLoopbackFilter.dll

The filter is working after a restart of Jana. All configuration changes in the ini file require a restart, too.



Further Documentation
A German documentation is available at the Jana Wiki: http://www.fam-hauck.de/wiki/index.php/Loopback_Filter
There you can also find the source code (that is commented in (mostly) English).


I hope the English Jana community finds this little filter useful.

This post has been edited 1 time(s), it was last edited by mikew on 13.10.2004 at 08:25.
21.09.2004 13:35 mikew is offline Send an Email to mikew Search for Posts by mikew Add mikew to your Buddy List
8787
Cool Newbie


Registration Date: 12.12.2002
Debugging JanaDomainFilter Extensions Under Visual Studio Post Reply with Quote Edit/Delete Post Report Post to a Moderator       IP Information Go to the top of this page

Mike-

Thank you and Thomas for the work, now long ago, showing an ISAPI example. I want to debug some code changes made on top of your example. Is there a way to use the interactive Visual C++ debugging capabilities to debug JanaDomainFilter as it is called from Jana Server?

In debugging other callback routines, I have been successful at configuring VC++ to run the debugger on the mainline program which in turn calls the .DLL containing the routines of interest. In that configuration, I have been able to set breakpoints and trap execution in the .DLL code. When I tried that with Janad, the server would only run for a short time before shutting down ... And none of the .DLL breakpoints trapped. I also tried that approach with JanaAdmin, then using JanaAdmin to start the server ... And that too was not successful.

Would you please share some insight or Visual Studio project configuration information?

Thank you, in advance, Merry Christmas, and Happy New Year.

Regards,
Stephen
25.12.2009 18:18 8787 is offline Send an Email to 8787 Search for Posts by 8787 Add 8787 to your Buddy List
8787
Cool Newbie


Registration Date: 12.12.2002
First Step: Ape Microsoft IIS Post Reply with Quote Edit/Delete Post Report Post to a Moderator       IP Information Go to the top of this page

Here is reference to one way to debug an ISAPI .dll using Visual Studio and JanaServer. This reference from Microsoft tells how to accomplish ISAPI debugging with IIS:

    http://support.microsoft.com/kb/183480


My experience (using a circa 1998 -- version 6 -- of VC++) was that it was easier to get Mike & Thomas's code debuggable on IIS first. After it worked with VS and IIS, the same process worked for debugging on JanaServer.

The overview is:

    1. Use the New Project wizard in Visual Studio for a new ISAPI Extension
    2. Copy Mike's code from the JanaDomainFilter download into the newly wizzed project
    3. Use Microsoft's steps to install, configure and learn the process for debugging
    4. Shut down IIS, define the ISAPI to Jana via the admin pages (for either the HTTP server or the Proxy or both)
    5. Continue debugging using Jana and the Microsoft-instructed process


Best wishes for a most excellent 2010!
27.12.2009 20:14 8787 is offline Send an Email to 8787 Search for Posts by 8787 Add 8787 to your Buddy List
Peter42
Administrator




Registration Date: 16.01.2004
Post Reply with Quote Edit/Delete Post Report Post to a Moderator       IP Information Go to the top of this page

Hi 8787, Mike is not that often in the english forum, try to ask your question in the german forum. Dont matter about the language, the most of us are familiar with english.

I cant help with that, i do not use that filter.

greetings peter
28.12.2009 22:57 Peter42 is offline Search for Posts by Peter42 Add Peter42 to your Buddy List
Peter42
Administrator




Registration Date: 16.01.2004
Post Reply with Quote Edit/Delete Post Report Post to a Moderator       IP Information Go to the top of this page

Hi 8787, Thomas has responded in the german forum, you can tell him directly what your need is. Send him a PM, you can find him here at the top of the site at the team-button. Or you answer him in the german forum, it depends on you.

greetings peter
14.01.2010 22:38 Peter42 is offline Search for Posts by Peter42 Add Peter42 to your Buddy List
 
Post New Thread Post Reply

Powered by Burning Board Lite © 2001-2004 WoltLab GmbH
English Translation by Satelk