I'm creating an extremely simple Vega visualization viewer: it's a one file module that serves a base HTML page containing just the Vega graphic and an HTML5 EventSource of updates. The user (me) is working in a Python shell through ssh, creates an object representing the viewer, which prints its IP and port for the user to paste into their (my) web browser. This HTTP server doesn't serve files or take input from clients, so I don't see any security concerns.
The part I'm unsure of is how to set (host, port) such that my web browser can find the HTTP server running in the remote Python. I've been experimenting all afternoon, and I don't know if I'm misunderstanding what's supposed to happen or if the servers I use have changed their access policies.
Here's a minimal example:
import SimpleHTTPServer
import SocketServer
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer((host, port), Handler)
print(httpd.server_address)
httpd.serve_forever()
If I'm running this locally and want to ensure that outside viewers cannot access it, do I set host to "127.0.0.1" because that means a client would have to access it as 127.0.0.1, which can only happen locally? In this case, port can be 0 to get any open port.
If I'm running this remotely want to to ensure that outside viewers can access it, do I set host to "" or "0.0.0.0" because that means that a client can access it as any address that makes its way to the server? In this case, I might not be able to set port to 0 because many of those ports might be blocked, or is the OS smarter about this?
Basically, how is access control in Python's SocketServer supposed to work?
This is basic TCP. Nothing to do with Python.
If you listen at 127.0.0.1, only clients running in the same host can connect.
If you listen at 0.0.0.0, anybody can connect, firewalls permitting.
Related
Using Python's SimpleHTTPServer, how can I make it so that the server only responds to requests that come from the local machine?
Is there a language-agnostic way to do this? Maybe by using a specific port that is not open to the public, or by telling the firewall not to allow access to that port from outside?
This question is similar to this one, but specific to a server written with Python's SimpleHTTPServer.
You could use the loopback interface. localhost or 127.0.0.1 refers to the local address, bypasses the full networking stack, and is not accessible via the network. See wikipedia
Take the SimpleHTTPServer example.
import SimpleHTTPServer
import SocketServer
PORT = 8000
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer(("", PORT), Handler)
print "serving at port", PORT
httpd.serve_forever()
We can bind to a specific address, you could use the address assigned to your machine/interface, or in your case, the loopback device.
httpd = SocketServer.TCPServer(("127.0.0.1", PORT), Handler)
You can then access the server at http://127.0.0.1:8000/ or http://localhost:8000/. The server will not be accessible using your machines assigned IP address, both from your local machine and via the network.
The following may provide additional information
ideas on specifying bind address from command line
you might be able to programatically/dynamically filter connections by building on the example here
I have a server running by using python's base http server. The host name used is '127.0.0.1' the local host, and the port number is set to 8000. I have the public ip address of the computer operating this server.
If I wanted to send a http get request to this from another computer, what would I type into my browser?
Sounds like you've got your server process running on the wrong interface. 127.0.0.1 is not a hostname but an IP address, specifically the local loopback address. It is not reachable from any other machine (unless something's gone tragically wrong with your network configuration).
You can run anything you like on the 127.0.0.1 interface, and no one else can directly connect to it from a remote machine. That's pretty much the point --- it's for testing programs that use the Internet Protocol, and (in recent years) for starting single-user servers without worrying about security. (Python 2's SimpleHTTPServer does this, as do some personal wikis, and I think iPython Notebook.)
The public address for the host running your Web server is a completely unrelated network interface, with its own hardware and its own port 8000. It doesn't know or care that you've got something listening on some other interface's port 8000, so it should refuse attempts to connect to that port.
Since you didn't post any code, I have no idea what you need to change to get your server running on the correct interface. Assuming you've more or less followed the example in the BaseHTTPServer.HTTPServer docs:
def run(
server_class=BaseHTTPServer.HTTPServer,
handler_class=BaseHTTPServer.BaseHTTPRequestHandler,
):
server_address = ('', 8000) # <----= Replace the string.
httpd = server_class(server_address, handler_class)
httpd.serve_forever()
That server_address tuple is a string containing the IP address ('1.2.101.202' or whatever), followed by an integer port number. So replace the string with your host machine's public-facing IP address.
Note that port 8000 is outside the reserved range (0 up to but not including 1024), so it's possible that some unrelated service is already using that port. (Numerous applications are already squatting port 8000.) If so, you'll just have to choose another port number. You can chose anything from 1024 up to but not including 65536, but as with 8000, someone else might already be using it.
Depending on your operating system and its security setup, you might not have permission to open a socket that listens on an arbitrary port number. If so, that's between you and your ISP or sysadmin.
http://yourip:port/func
yourip is your public ip.
port is 8080
func is your registered function.
and also make sure you port is opened
Server :
HOST = 'localhost'
PORT = 8000
Client :
HOST = '#MyIPAddress' (found on http://www.ip-adress.com/)
PORT = 8000
Client fails connecting to the server. It works if client.HOST = 'localhost' to but that's not the point. I forwarded my router to open that port. I want it to work over the internet. I tried stuff like https://pagekite.net/ but I couldn't make it work.
I would like to see any complete "hello world" example wich would send "hello world" through the internet between two clients. Either server runs on my computer or on a hosted platform I would like to see a full concrete example.
If your server and client are located at the same machine, then just
set client.HOST = 'localhost' as you said.
If your server and client are located at different machines, you
should try ping through each other.
If your server is behind an NAT device, you need to enable port
forwarding (such as upnp, dmz etc.) in order to make sure tcp
request from your client could reach your server first. What your
said sounds more like a network issue than a programming issue. Hope
this could help you.
I am using Python SocketServer to implement a socket server.
How can I find out if client used example.com to connect to me, or used x.x.x.x?
Actually, I need something like virtual hosts in Apache.
Googling didn't come up with any notable result.
Thanks
virtual hosts in Apache works because it is specified in the HTTP RFC to send the host header. Unless your client similarly sends the name it used to connect, there is really no way to find this out. DNS lookup happens separately and resolves a host name to an IP. The IP is then used to connect. – Kinjal Dixit
I wrote a simple python script using the SocketServer, it works well on Windows, but when I execute it on a remote Linux machine(Ubuntu), it doesn't work at all..
The script is like below:
#-*-coding:utf-8-*-
import SocketServer
class MyHandler(SocketServer.BaseRequestHandler):
def handle(self):
data_rcv = self.request.recv(1024).strip()
print data_rcv
myServer = SocketServer.ThreadingTCPServer(('127.0.0.1', 7777), MyHandler)
myServer.serve_forever()
I upload it to the remote machine by SSH, and then run the command python server.py on the remote machine, and try to access to xxx.xxx.xxx.xxx:7777/test with my browser, but nothing is printed on the remote machine's teminal...any ideas?
UPDATE: Problem solved, it's a firewall issue, thanks you all.
You are binding the server to 127.0.0.1, the IP address for localhost. This means the server will only accept connections originating from the same machine; it won't recognize ones coming from another machine.
You need to either bind to your external IP address, or bind to a wildcard address (i.e. don't bind to any particular IP address, just a port). Try:
myServer = SocketServer.ThreadingTCPServer(('0.0.0.0', 7777), MyHandler)
You are binding to 127.0.0.1:7777 but then trying to access it through the servers external IP (I'll use your placeholder - xxx.xxx.xxx.xxx). 127.0.0.1:7777 and xxx.xxx.xxx.xxx:7777 are different ports and can be bound by different processes IIRC.
If that doesn't fix it, check your firewall, many hosts set up firewalls that block everything but the handful you are likely to use
Try with telnet or nc first, telnet to your public ip with your port and see what response you get. Also, why are accessing /test from the browser? I don't see that part in the code. I hope you have taken care of that.