Development, Analysis And Research

After few weeks, into launch of a global application, I received word that a couple of employees have been unable to gain access to their internal networks in Europe, and are outside the realm of the global corporate intranet. A system is also in place to allow members to gain access to the corporate intranet, which was put in place by an external company called Scalable Networks.

This all works fine; however, there is a proxy in place that rewrites all URLs, which we were not involved with or any aspects of security. We did not know of a proxy’s existence until a week before launch. As such, the Proxy rewrites every URL using CGI, and JavaScript; the problem being is aspects such as Flash with the source of the data files loaded into Flash being embedded into Flash itself, and other areas that are dependant on JavaScript. Whilst the public site for the corporate intranet uses very limited amounts of flash and JavaScript, the admin section relies on a couple aspects of JavaScript to pull in data via AJAX, and utilises JavaScript to create a virtual FileSystem. All of which, the real path to the data is masqueraded by the proxy itself, and all paths that are referenced despite being relative result in a 404 error.

Now many aspects of the admin now appear to have to be rewritten or hacked to compliment the proxy in place.

An example is…

https://www.example.com/,host=intranet.domain.com,port=80,proto=http/https://www.example.com/,host=intranet.domain.com,port=80,proto=http/Style/Screen.css

A lesson learned is to always reference the data source of a flash file externally rather than embedding the location…

./Flash.swf?DataSource=/,host=intranet.domain.com,port=80,proto=http/DataSource.php&Debug=1&DebugFile=trace.php

As you can see even referencing files as relative will not work correctly, if the proxy cannot parse the URL.

Whilst developing with Apache, and IIS over a number of years, I have always found it frustrating to have to type and use a seperate port for the different web servers as you cannot bind to an IP Address with a single port, such as port 80. If you have tried to add multiple IPs, and bind to them, you may hav noticed this fail. This is due to a very simple configuration in IIS.

To Add multiple IP address’s, right click on your network adapter and click properties.

Enter the DNS information from your ISP, the default gateway, subnet, and your IP address.

Add an IP address, higher IP address than is required by DHCP such as 100+.

Open the command line, and run the following.

cd C:InetpubAdminScripts
CSCRIPT ADSUTIL.VBS SET W3SVC/DisableSocketPooling TRUE

This disables IIS from listening to the default IP address and run .

%SystemRoot%system32inetsrviis.msc

Select the Default Web Site, and right click opening properties.
Set the IP Address to an IP that is free and does not already have a server listening on port 80. Clicking Advanced you can bind IIS to a number of IPs or Host headers (Domains [www.ajohnstone.com], leaving the host header blank sets it as the default address).>

Now open httpd.conf

Modify the line.
“Listen 80″ to “Listen 192.168.0.100:80″ with the IP address you wish to bind it to.
Also update the “NameVirtualHost *:80″ in the same fashion to “NameVirtualHost 192.168.0.100:80″

Now open the hosts file. (C:\WINDOWS\system32\drivers\etc\hosts)

127.0.0.1          localhost
192.168.0.99       IIS
192.168.0.100      Apache

now restart apache and your set.

http://apache/
http://IIS/

For more configurations on Apache on windows…

When adding an application mapping for aspnet_isapi.dll, I noticed when invoking an webservice IIS would throw a 404. This is due to a flag being set to 5, which is the default. Either by editing the MetaBases XML in IIS6 or modifying the MetaBase in IIS5 with MetaEdit. You can alleviate this by setting the flags to 1 rather than 5…

.asmx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG

		ScriptMaps=".asa,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
			.asax,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.ascx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.ashx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.asmx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
			.aspx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.axd,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.cdx,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
			.cer,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
			.config,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.cs,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.csproj,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.idc,C:\WINDOWS\system32\inetsrv\httpodbc.dll,5,GET,POST
			.licx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.rem,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.resources,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.resx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.shtm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
			.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
			.soap,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.stm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
			.vb,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.vbproj,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
			.vsdisco,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
			.webinfo,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG"
		WAMUserName="IWAM_DESTINATION"
		WAMUserPass="4963446270000000220000004000000068e601bbb4cd522a30c1ca97ae55868624ec7c6aec49da59aac18be039b5b0fc195649004e0044003efa28484ba3debde850c532c04d1fd358ac8a336aa43edd350be4a651de10b0012adadff0af6f380669ca5a86da004d61ed65ac4c2d8bfda776313e37d30109"
		WebSvcExtRestrictionList="1,*.dll
			1,*.exe
			1,C:\WINDOWS\system32\inetsrv\ssinc.dll,0,SSINC,Server Side Includes
			1,C:\WINDOWS\system32\bitssrv.dll,0,BITSEXTS,BITS Server Extensions
			1,C:\WINDOWS\system32\inetsrv\asp.dll,0,ASP,Active Server Pages
			1,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,0,ASP.NET v1.1.4322,ASP.NET v1.1.4322
			1,C:\WINDOWS\system32\inetsrv\httpodbc.dll,0,HTTPODBC,Internet Data Connector
			1,C:\PHP\Distributions\php-5.0.4-Win32\php5isapi.dll,1,,PHP
			0,C:\WINDOWS\system32\inetsrv\httpext.dll,0,WEBDAV,WebDAV
			1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\_vti_aut\author.dll,0,Windows SharePoint Services,Windows SharePoint Services
			1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\_vti_adm\admin.dll,0,Windows SharePoint Services,Windows SharePoint Services
			1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\shtml.dll,0,Windows SharePoint Services,Windows SharePoint Services
			1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\owssvr.dll,0,Windows SharePoint Services,Windows SharePoint Services
			1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\fpcount.exe,0,FPSE,FrontPage Server Extensions
			1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\shtml.dll,0,FPSE,FrontPage Server Extensions
			1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\_vti_adm\admin.dll,0,FPSE,FrontPage Server Extensions
			1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\_vti_aut\author.dll,0,FPSE,FrontPage Server Extensions
			1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\_vti_adm\fpadmdll.dll,0,FPSE,FrontPage Server Extensions"
	>

A colleague recently asked me, how he could Change the Drive Letter of a Mounted Device, when he removed a Device. I’m not sure of a reason to do this, however for future reference, i’ll leave a note here…

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\C:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\D:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\E:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\F:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\G:

Simply rename the Value Name of each Key in the registry using regedit.

Lately, I have been having a few problems with a very strange quirk, and have not been able to find the source of the problem as of yet. Currently I am authenticating over Netilla and also through Swivel implementation . All of this works correctly, however when NT Auth is enabled IE either hangs or throws a DNS error. I’m not sure exactly, how hosting & operations have implemented NT Auth, so i’ll have to look it up when i’m able to access the VPN and update this accordingly. Although this seems like a possibility.

“You can produce a problem by pressing reload fast and often. The connection is forced into reset each time, and sometimes Internet Explorer is sending a msg3 to an apache process that didn’t send the msg1 yet. I’m not sure weather this is an apache or Linux or IE problem. It could be resolved by caching credentials, which is unsafe and involves neat things like file locking and mmap(). “

using mod_ntlm_winbind

    AuthName "NTLM Authentication thingy"
    NTLMAuth on
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    NTLMBasicAuthoritative on
    AuthType NTLM
    require valid-user
    require user

I recently started playing with a couple trial accounts from multi-map for a client of ours. I was quite surprised it is actually running Coldfusion and MySQL. Whilst I have heard of MySQL supporting GIS and Spatial data, I have never seen an implementation or known of one until now.

Whilst playing with Multimap I found a couple bugs within 5 minutes, the first being a problem with some calculations on tabular data types with CF complaining about LEFT(MID etc…
The other was a rather poor implementation of their user interface. I generally do things backwards and as a result rather than clicking through step 1 – ~6 I started at 6. This resulted in CF having trouble with creating a table in MySQL and obviously thowing an error. From what I can gather it is a very simple implementation, of which lat and lon coordinates are populated from their data.

Index

Data
Bug One (MySQL Table Creation)
As you can tell this is a really poor interface, apparently they were reviewing the current interface according to one of their technical guys… If you skip a step you will most likely thow an cold fusion error:(

Table
Bug Two (CF Error)

Stats

Templates

I implemented my own version, however the data I acquired was inaccurate and varied within roughly 1-2 miles as well as being a very limited on the amount of information it contained. I also received the sample RAW PAF (Postcode Address File) data from the Royal Mail, and having a look through seems very detailed, although not quite what I was looking for…

All credit due to the Multimap staff, as they managed to fix both bugs within the hour.