• No results found

COMP 112 Assignment 1: HTTP Servers

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "COMP 112 Assignment 1: HTTP Servers"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

COMP 112 Assignment 1: HTTP Servers

Lead TA: Jim Mao

Based on an assignment from Alva Couch

Tufts University

Due 11:59 PM September 2 4 , 2015

Introduction

In this assignment, you will write a web server that understands the HTTP protocol. Your server will respond to two URLs: one which displays a list of browsers that have recently loaded the page, and one which displays information about you. These pages will not correspond to files, but will be constructed by your program in response to each request. The server should never quit.

Requirements

Write a program a1.c that does the following:

• Takes a single argument: a port number on which to listen for requests. • Accepts TCP requests from web browsers and responds with a single

HTML page of content based on the URL:

– The main page (/): Descriptions of the last 10 browsers that accessed it. For the browser details, you should display the client IP address, client hostname, and client user agent. Client user agent note should only list the user agent – no cookies and other headers.

– An about page (about.html): Anything you’d like to say about yourself. It doesn’t have to be long.

– Return "HTTP/1.1 404 Not Found" as HTTP response if URL other than "/" or "about.html" is requested.

• Protects users from script injection attacks.

(2)

not need to open files or databases; you can do this in memory. Restarting your server will cause it to clear its memory, and that’s fine.

The key to this assignment is to keep things simple and to utilize your understanding of the TCP and HTTP protocols.

HTTP and HTML Responses

Every HTTP request is a stream of characters, separated by \n characters, which describe parts of the request. Many of these characters describe the browser that is asking for information.

Similarly, your response should be a stream of characters. The simplest HTTP response is:

HTTP/1.1 200 OK

Content-type: text/plain hello world

The first line is the protocol description, which defines how your program intends to communicate in the subsequent lines. The second line is the content type, which says you will respond in plain text. The blank line is a delimiter. It is required between the header and the payload. Technically, there are two \n characters here. The hello world is the text that the browser should display.

To serve HTML, this pattern needs to be modified slightly: HTTP/1.1 200 OK

Content-type: text/html

<html><body><h1>hello world</h1></body></html>

The browser details should all be in the HTML response your web server creates. The server doesn't need to output anything in the terminal, and we won't grade anything that shows up there. We will only be grading the HTML responses we receive when trying to visit a "page" on your web server.

(3)

Assignment 1: HTTP Servers COMP 112 Spring 2015

Format of Browser Info

Please adhere exactly to the following format when displaying descriptions of the last 10 browsers that accessed your server:

Client IP Address: Client Host Name: User-Agent:

Example (pay attention to the spacing and letter case): Client IP Address: 43.23.53.1

Client Host Name: comp112-01.cs.tufts.edu

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Client IP Address: 26.30.95.21

Client Host Name: comp112-02.cs.tufts.edu

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

…And so on. This will ensure your browser info is processed correctly by the grading script.

Responding to Multiple URLs

While keeping your program self-contained, it should respond to two different URLs with different results. One will provide browser statistics,

whilethe other will provide a page about you. Link from each page to the

other, using URLS local to your server. Completing this will require interpreting the HTTP GET portion of the request.

Script Injection Attacks

(4)

The best way to prevent this is to replace several “dangerous” HTML special characters that may appear in the request headers with their print equiva- lents:

Character Replacement < &lt; > &gt; ” &quot;

In other words, if you receive a request header containing <, your server’s output should contain &lt; instead. This makes it impossible for scripts to run on your webpage.

Where to Work

Because you are writing a server, you may not work on your project from the homework server. Inside the departmental firewall (i.e. from a machine in Halligan, or from a public-facing server), please ssh to one of the following machines: • comp112-01.cs.tufts.edu • comp112-02.cs.tufts.edu • comp112-03.cs.tufts.edu • comp112-04.cs.tufts.edu • comp112-05.cs.tufts.edu

You may only work on your server from these machines.

As you will learn in this course, every service runs on a port–a number between 1 and 32767. You will be assigned ports that are yours alone. To receive your port assignments, use the /comp/112/bin/ports command, which was written by Alva Couch.

~ > /comp/112/bin/ports

ahedbe01, your ports are 9020-9039

PLEASE BE SURE TO WORK ONLY ON COMP112 MACHINES. THANKS! ~ >

(5)

Assignment 1: HTTP Servers COMP 112 Spring 2015

Testing

The servers on which you will write your code are protected from the outside world by a firewall. Your server will not be visible from the public internet. To test your server, you must do so from a point within the Halligan network. You server will call functions from the network services library. When com- piling, you will need to link against this library with the -lnsl flag: gcc -g a1.c -lnsl

Start your program as follows, replacing 9020 with one of your port numbers: ./a.out 9020

At this point, your service is running. To see if it’s working, open a browser on any Halligan machine and visit http://comp112-01.cs.tufts.edu:9020. (This is assuming you’re on the comp112-01 server.) This should connect to your program and display the list of browsers that have recently accessed your page. Similarly, http://comp112-01.cs.tufts.edu:9020/about.html should display information about you.

If you are connecting remotely, you can also use the command-line wget and curl to test your server.

Submission and Lateness Policy

Submit your code by using provide: provide comp112 a1 a1.c

Late submissions will be accepted up to three days past the deadline, with a penalty of 10% per day late. For circumstances that you believe warrant an additional extension, speak to Prof. Dogar.

Useful Links

• http://www.linuxhowtos.org/C_C++/socket.htm

References

Download now ( PDF - 5 Page - 147.63 KB )

Related documents

The dominant Law and Economics paradigm regarding “Intellectual Property" – a vehicle or an obstacle for innovation, growth and progress?

Central production of information and ideas, direct sponsoring of these activities in the form of research institutions and universities and cultural institutions, a prize system

lvi Attorney Pete Winebrake - Winebrake & Santillo, LLC EDUCATION AND PROFESSIONAL BACKGROUND: AWARDS: OTHER: OFFICE LOCATION

In this capacity, he represented New York City agencies and officials in federal civil rights and employment lawsuits and other complex litigation.. In

Technocracy, disaster risk reduction and development: A critique of the Sendai Framework 2015-2030

in the modernisation theory of development. The undesired outcome of the technocratic understanding of disaster risk is because this approach is not able to trace the grounds of

South Dakota Board of Medical and Osteopathic Examiners Regular Board Meeting

A motion for the staff to query the Board members to find a date for an telephone Board meeting in January to discuss the Federations of State Medical Board’s updated opioid

Facile Fabrication of Mechanically Stable LSGM-Based Anodes for Use in Intermediate Temperature Solid Oxide Fuel Cells. A Thesis

It is obvious that nickel nitrate is shown by the discoloration around the bright particles in Figure 29(a) and (c) effectively coats the LSGM particles. LSGM is not

Labor Markets and Kaleidoscopic Comparative Advantage

PRODUCED BY NUNES, MATA AND VALÉRIO (1989) — Carlos Robalo Marques, Paulo Soares Esteves. 5/94 EXCHANGE RATE RISK IN THE EMS AFTER THE WIDENING OF

About the white paper: The pressure to demonstrate compliance with standards and regulations such as Sarbanes Oxley, HIPAA, PCI DSS and Basel II,

In this case it is the agent for SecurID (DetectIT SecurID Agent) needed as a client for the RSA SecurID server. The client is a small footprint API included in a user

Using VMware Horizon View Client for ios

If the client is not already running, Horizon View Client is launched and the user sees the Recent Connections list, the Servers list, or the Welcome page, depending on whether the