Web Server Extensions

Note: Web Server Extensions only apply to AK versions 3.0 and above

Web Server Extensions are agents that the WebServer uses to process, modify, or handle a request before the WebServer handles it. Common Web Server Extensions are HTTPRedirectAgent, HTTPProxyAgent, HTTPFileServerAgent, and HTTPAuthenticationAgent. Web Server Extensions are ordered in a chain and if the request has not been handled by the end of the chain, the WebServer attempts to handle it by resolving the request's URI through the ServiceManager.

The order of the extensions in the chain is very important, and is determined by the extension's agent_id or the order in which the extensions are started. There are 2 ways of loading extensions into the WebServer:

1. Using a PropsListServiceManager, each extension registers itself (via the service_name property) using the prefix extension:// followed by a regular expression that matches a hostname:port. For example: registering an extension with the service_name extension://.* will have that extension be in the chain for all domains requested. Registering an extension as extension://.*mydomain.com:8000 will have that extension be in the chain for any domain ending with mydomain.com and for port 8000. The order which extensions get added to a chain is determined by agent_id.
2. Each extension can register itself directly with a WebServer using the webserver_service_name and domains properties of the Web Server Extension. The webserver_service_name is the service name that the WebServer registered itself as (typically WebServer-80), and domains is a comma separated list of domains. If a request for a given domain is in the list, this extension will be added to the chain. If this property is set to all, then it will be added to the chains of all domains. The order which extensions get added to a chain is determined by which extensions are started first, all extensions MUST be started AFTER the WebServer in this scenario.

An example of the importance of order:
If an HTTPAuthenticationAgent is used to limit access to files in a certain directory, it needs to be before the HTTPFileServerAgent in the chain. Otherwise, a request for a protected file is received by the WebServer, it sends the request down the chain of extensions, and the HTTPFileServerAgent handles the request, serving the file which should have required authentication. If the HTTPAuthenticationAgent is before the HTTPFileServerAgent in the chain, then it will handle the request first, and respond asking for authentication.

There are a number of request modifying Web Server Extensions such as HTTPSetProperty and HTTPPathRewrite. The HTTPSetProperty agent simply sets a property in the HTTPAgentRequest if it finds a match in the HTTP request. The HTTPPathRewrite is similar to Apache's mod_rewrite module and can be used to actively rewrite URI paths. Neither of these extensions will respond to the request directly, and the HTTPAgentRequest is simply handed down to the next extension in the chain

Along with the HTTPAuthenticationAgent, there is an extension called HTTPAccessRestrictionAgent which works similar to Apache's ALLOW and DENY directives. It can be set up to allow or deny based on URI path, request method (GET, POST, HEAD), ip address, and/or if a specific property in the HTTPAgentRequest is set or unset.

There is also a simple implementation for CGI using the HTTPcgi agent. This extension can be used to execute scripts in a specified directory through the CGI interface. Warning: There are no precautions implemented for local security, every script is executed with the assumption that the script is working as intended and is written such that no security information is compromised. Use the HTTPcgi extension at your own risk.