How would you suggest blocking access to a port for HTTP but not WebSockets, given the internal built-in web server shows a webpage with the datasets?
http://www.timestored.com/kdb-guides/kdb-http-webserver
Regards.
You can override .z.ph and .z.pp, and leave .z.ws as is or add your necessary code to that hook.
One basic example could be
q).z.pp:.z.ph:{.h.hn["405 Method Not Allowed";`txt;"nohttp"]}
Hi TMA,
How your system is currently set up in terms of permissions will affect blocking HTTP queries.
.z.pw (validate user) hooks work for IPC and for HTTP connections. HTTP queries, however, are NOT routed through the .z.pg handler like IPC queries; instead they are handled by .z.ph (port HTTP get), which is responsible for drawing the HTML webpage, executing a given query and formatting the results to be presented in an HTML table.
To restrict access for HTTP queries, we want to edit .z.ph. There are multiple ways this could be edited - it could use a call to .z.pw to check for specific user access or simply remove HTTP query functionality altogether.
The following whitepaper on permissions has a more comprehensive explanation of the above, and beyond - especially section 6, focusing on restricting http queries - depending on your current set-up, this should point you in the right direction.
https://code.kx.com/q/wp/permissions_with_kdb.pdf
There are also open source kdb+ frameworks available on GitHub; some of these include utilities which make the security side of your system easier to control.
Hopefully this helps,
Kind Regards
Jordan
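The two options described above (per-user access to the HTTP page, or no HTTP at all) combined in one script, as an added example that is not from the thread or the whitepaper. The .sec namespace and its names are hypothetical, and it assumes users are authenticated (for example via .z.pw) so that .z.u identifies the caller inside .z.ph.

```q
/ Added example, not code from the thread: deny HTTP by default, leave WebSockets alone.
/ .sec and every name in it are hypothetical.

/ keep the built-in GET handler so allow-listed users can still reach the page
.sec.defaultPh:.z.ph

/ users still permitted to use the HTTP page; an empty list blocks everyone
.sec.httpUsers:`symbol$()

/ the same 405 response as the one-liner earlier in the thread
.sec.deny:{[x] .h.hn["405 Method Not Allowed";`txt;"nohttp"]}

/ GET: built-in page for allow-listed users only, 405 for everyone else
.z.ph:{[x] $[.z.u in .sec.httpUsers; .sec.defaultPh x; .sec.deny x]}

/ POST: refused outright
.z.pp:.sec.deny

/ .z.ws is deliberately not assigned here, so whatever WebSocket handler
/ the process already defines keeps receiving its messages
```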
Apologies for the delay, that looks very promising, and simple, many thanks for your help.
Many thanks for the information, sorry for the delay in responding. The problem stems from this, which is not clear. If you have two KDB instances running on the same server, on different ports with slightly different data, and you have a frontend application, the frontend is hardcoding which port to connect to for efficiency. Obviously users can then look directly at the port and see the underlying data. I also have another way, which is an instance on a port that acts as a gateway and performs an hopen to the data; this would appear not so efficient. Another possibility was an nginx instance as a proxy, but I would presume that will not work with publish/subscribe; currently it is poll based. What I am trying to do is obscure the backend port data, and closing .z.pp and .z.ph would achieve this, but is that the correct way? Regards.