Home

HTTP Tunneling/Port 80 Cloaking

Another first from dbOvernet - try a demo - click here and run the Port80WebProject 

(Our dbO Help Desk also demonstrates HTTP Tunneling)

Using our HTTP tunneling solution, applications can move requests and data through a Port 80 restricted firewall to and back from external Application Servers as easily as they can with no firewall in place. Nothing in the firewall setup needs to be changed and no involvement is required from firewall administrators and/or IT personnel.

Known by various names: Port 80 Masking/Cloaking/Masquerading, HTTP Tunneling/Cloaking - our solution is one of the final pieces of the dbOvernet structure that we've been wanting to implement for a long time and we are the first to provide this solution for Delphi multi-tier environments.

As an overview: the HTTP tunneling/Port 80 cloaking technique enables dbOvernet client applications running behind a firewall to connect through Port 80 to servers outside the firewall, and to receive back data from those remote servers through the same port. Port 80 is typically used by Web Servers and for web browsing.

Those requests going out through Port 80 in a firewall can also tunnel in through a Web Server running through Port 80 at the dbOvernet Application Server end.

What is a firewall and how does it affect application development?

A firewall is typically a computer and software that sits between a group of client users and the wider outside Internet or intranet. The firewall is used to protect the internal client network from unauthorized access from outside the firewall. 

The firewall may also be configured to restrict the types of outside access clients have. Specifically, a firewall will restrict the types of protocols that may travel across the firewall into the internal network. The firewall will also often restrict the ports through which these protocols may pass. 

Many firewalls will be configured to allow HTTP protocol traffic on port 80 only - this allows users inside the firewall to browse web pages but nothing else. It also blocks outside attempts that access the network inside the firewall.

Remote-enabled applications that cannot traverse firewalls will simply fail any time a user inside a firewall tries to use the application. You must account for the fact that firewalls may exist between the user and the remote dbOvernet Application Server.

dbOvernet's HTTP tunneling provides a solution to the firewall challenge. 

How does it work?

dbOvernet's client-side TdbOClientDataset now optionally structures outbound requests so that the application operates reliably when client-side users reside within a firewall protected network and make requests to servers outside that firewall. The TdbOClientDataset has one new property that is set true or false, depending on whether or not you want to use the cloaking technique.

You can design your application so that it will first attempt a regular direct connection to the remote Application Server. In a firewall protected environment this connection will usually fail because the firewall blocks this type of connection for two reasons : 

  • The request is not a request for an HTTP connection
  • The outbound Port used by the client application is often not enabled on the firewall

Many firewalls are configured to allow users to access web pages and nothing else. That is, they are configured to allow only HTTP protocol connections on port 80 - the default web server port. So, in order for dbO applications to succeed in connecting to remote servers for users behind a firewall they too must use HTTP protocol and be routed via port 80.

The TdbOClientDataset can thus be configured to try the connection using HTTP protocol via port 80. This connection will be allowed by the firewall since it is the same way users access web pages. 

The standard TdbOClientDataset request is modified in such that it looks like a typical web request to the firewall. Those requests then make their way to the remote site's web server where they are routed through a redirector and on to the dbOvernet Application Server for processing. The response is then routed back the same way.

In effect, the entire transaction looks to the firewall as a regular HTTP request which it allows through without challenge.

Top