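Starting an HTTPS server with the PHP built-in server

When you want to check HTTPS behavior in a local environment, the library hyper-builtin comes in handy.
https://github.com/mpyw/php-hyper-builtin-server

Generate a server certificate with openssl, install hyper-builtin with composer, and start it.
Note: the steps below are for Amazon Linux, but they are the same on CentOS.

### Install the SSL module (mod_ssl on CentOS)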
$ sudo yum install mod24_ssl
$ httpd -M | grep ssl

### Create the private key
$ openssl genrsa > server.key

### Create the CSR
$ openssl req -new -key server.key > server.csr

### Create the server certificate
$ openssl x509 -req -signkey server.key < server.csr > server.crt
$ rm server.csr

### Place the private key and server certificate
$ sudo mkdir /etc/httpd/conf/ssl.key
$ sudo mkdir /etc/httpd/conf/ssl.crt
$ sudo mv server.key /etc/httpd/conf/ssl.key/
$ sudo mv server.crt /etc/httpd/conf/ssl.crt/

### Edit ssl.conf
$ sudo vi /etc/httpd/conf.d/ssl.conf

# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

### Restart Apache
$ sudo service httpd restart

### Install the PHP built-in server library for HTTPS with composer
$ curl -sS https://getcomposer.org/installer | php
$ php composer.phar require --dev mpyw/php-hyper-builtin-server:^2.0

### Start the HTTPS server
$ vendor/bin/hyper-run -s 192.168.33.10:8000

Aaaargh, this is such a hassle!
I really want to manage all of this in a single playbook.yml.

User Agent perspective

How do you investigate a user agent?
As an example, the user agent for IE9 is described as follows.

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Application name
It corresponds to the “Mozilla” part. It indicates the type of browser or application.

Application Version
It corresponds to the “5.0” part after Mozilla and indicates the version of the application.

Platform token
It corresponds to the “Windows NT 6.1” part. It shows the OS.

Version Token
It corresponds to the “MSIE 9.0” part. It shows the browser version.

Compatibility Flags
It corresponds to the “compatible” part. It shows compatibility with Internet Explorer.

Rendering engine
It corresponds to the “Trident/5.0” part. It shows the software the browser uses to display the requested content.

Internet Explorer
ver.11

Mozilla/5.0 (Windows NT 6.3; ARM; Trident/7.0; Touch; MALNJS; rv:11.0) like Gecko

ver.10

Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)

Chrome

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.79 Safari/535.11

Firefox

Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Safari

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-jp) AppleWebKit/523.12 (KHTML, like Gecko) Version/3.0.4 Safari/523.12

Android

Mozilla/5.0 (Linux; Android 4.4.2; 302KC Build/101.0.2c00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36 YJApp-ANDROID jp.co.yahoo.android.ybrowser/1.7.5

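I see: if you look closely at the contents, you can tell at a glance which browser it is. That said, user agents are commonly spoofed, so it may not mean much. Come to think of it, can an IP address be spoofed??? It seems you can do it by using Hotspot Shield as a Chrome extension...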
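The token breakdown described in this section, written as a small parser (an added example, not code from the original post). The function name, field names, and the `PLATFORMS`/`ENGINES` lists are assumptions made for illustration, and the sample strings are this page's IE9, IE11 and Android examples; since the header is client-supplied and commonly spoofed, the result is a hint, not an identification.

```python
import re

# A product ("name/version") or a parenthesised comment, per the User-Agent grammar.
TOKEN = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/([^\s()]+))?")
PLATFORMS = ("Windows NT", "Android", "Macintosh", "Linux")  # most specific first
ENGINES = ("Trident", "AppleWebKit", "Gecko")

# Sample strings from this page (Android one shortened).
SAMPLES = {
    "ie9": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
    "ie11": "Mozilla/5.0 (Windows NT 6.3; ARM; Trident/7.0; Touch; MALNJS; "
            "rv:11.0) like Gecko",
    "android": "Mozilla/5.0 (Linux; Android 4.4.2; 302KC Build/101.0.2c00) "
               "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 "
               "Chrome/30.0.0.0 Mobile Safari/537.36",
}


def parse_user_agent(ua):
    """Split a User-Agent header into the fields named in this section."""
    products, comments = [], []
    for m in TOKEN.finditer(ua):
        if m.group(1) is not None:  # "(...)" comment: split on ";"
            comments += [c.strip() for c in m.group(1).split(";") if c.strip()]
        else:  # product token; version is None for bare words such as "like"
            products.append((m.group(2), m.group(3)))
    if not products:
        raise ValueError("no product token in User-Agent")
    # Trident sits inside the comment, other engines are versioned products.
    # Unversioned words are skipped so IE11's "like Gecko" is not read as Gecko.
    candidates = [tuple(c.split("/", 1)) for c in comments if "/" in c]
    candidates += [p for p in products if p[1]]
    return {
        "application_name": products[0][0],
        "application_version": products[0][1],
        "compatibility_flag": "compatible" in comments,
        "version_token": next((c for c in comments if c.startswith("MSIE ")), None),
        "platform_token": next(
            (c for p in PLATFORMS for c in comments if c.startswith(p)), None),
        "rendering_engine": next(
            (f"{n}/{v}" for n, v in candidates if n in ENGINES), None),
    }


if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        print(name, parse_user_agent(ua))
```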

HTTP Trace method

In HTTP/1.1 (RFC 2616), eight kinds of methods are defined. GET, POST, HEAD, etc. are familiar, but there are five other types: PUT, DELETE, OPTIONS, TRACE and CONNECT.
Of these, the TRACE method returns the HTTP request as-is (“parroted back”) as the HTTP response; the request is sent to the web server with TRACE instead of GET etc., as follows.

Apache configuration file
/etc/httpd/conf/httpd.conf

Huh? There's no TraceEnable in there...

403 404 500 503

HTTP status codes run from the 100 series to the 500 series. The 400 and 500 series are the codes returned when there is an error with the request or the server.

403

403 is the code returned when access restrictions and the like are in place.

It is displayed when an IP restriction is applied and access is made from an IP address that is not permitted.
A typical case is access from outside to a page that is meant to be displayed only within the company environment.

404

The code returned if the page does not exist. It is often displayed after a page has been deleted.

500
500 is the code returned in the case of a CGI configuration error or a program mistake. With this error the configuration is often wrong, so permissions and code need to be corrected.

503
503 is the code returned when the number of accesses the server can take has been exceeded and the server is under load. It is displayed when a large number of accesses reach the server at the same time.
For a site that receives many accesses in a short burst, a server that can handle them needs to be considered. It is also possible that the site is under attack.

Other representative HTTP status codes
200 series
The 200 series means that the request to the server was successful. When a web page is accessed successfully, the status code “200” is returned.

300 series
The 300 series is the code returned when redirect processing takes place. Representative examples include “301” and “302”.

Difference between GET and POST method

GET and POST are among the HTTP methods defined by the specification.
Besides these there are also PUT, PATCH, HEAD, DELETE, etc.

GET method
GET appends the parameters to the URL and makes the request.

POST method
With POST, the parameters are included in the body of the request.

GET adds the parameters directly to the URL, so you can see them with your own eyes.
Since POST puts them in the body, they cannot be seen that way.

There are other differences in the specification between requests made with GET and POST, such as whether binary data can be sent and size restrictions.