KNOWLEDGE BASE
Log In    |    Knowledge Base    |    4D Home
Tech Tip: How to skip over HTTP and redirect to HTTPS: Part 2 (The Web decoy folder)
PRODUCT: 4D | VERSION: 11.4 | PLATFORM: Mac & Win
Published On: June 11, 2009

In Part 1 of this tech tip, we briefly touched on the idea of a web decoy folder.
In Part 2 of this tech tip, we will explore the concept of a web decoy folder in more detail.

First, let's look at the default behavior of the two database methods mentioned in Part 1: "On Web Authentication" and "On Web Connection".

The On Web Authentication database method is (by default) only called in the following situations:

  • when 4D receives a URL beginning with 4DACTION/
  • when 4D receives a URL beginning with 4DMETHOD/
  • when 4D receives a URL beginning with 4DCGI/
  • when 4D receives a URL requesting a static page that does not exist
  • when 4D processes a 4DSCRIPT tag in a semi-dynamic page
  • when 4D processes a 4DLOOP tag based on a method in a semi-dynamic page.

Note: The On Web Authentication database method expects a Boolean value to be returned in $0; True = request accepted, False = request rejected. The default value if $0 is not returned is True which means all requests are accepted.

The On Web Connection database method is (by default) called in the following cases:
  • When connecting a browser to a 4D Web server operating in contextual mode. The database method is called with the /<action>... URL.
  • When 4D receives the /4DMETHOD URL. The Web server switches to contextual mode and the database method is called with the /4DMETHOD/MethodName URL in $1.
  • When 4D receives the /4DCGI URL. The database method is called with the /4DCGI/ URL in $1.
  • When a Web page is called with a URL of type <path>/<file> that is not found. The database method is called with the URL as $1.
  • When a Web page is called with a URL of type <file>/ and no home page has been defined by default. The database method is called with the URL as $1.

So (by default) if the web visitor is requesting a page, and that page exists in the webfolder at the location specified in the URL, that page will be automatically sent back to the customer without any special processing. This is fine in most situations but the developer can gain much greater control over the requests by implementing a web decoy folder.

Using a web decoy folder is essentially a way triggering the "On Web Authentication" and "On Web Connection" database methods for all web requests, thus trapping all requests to the web server and allowing the developer to deal with them on case by case basis. This gives the developer much greater control over how the web server behaves.

A simple approach of implementing a web decoy is:
  1. Store your HTML files in a folder other than what is selected in the 4D Preferences. In addition to that, the folder that is selected in 4D Preferences should be empty (making all URL calls invalid thus invoking the On Web Authentication" and "On Web Connection" database method for each request). The following image depicts the layout of the web folder:



  2. With the above in place, all calls to the web server will now be invalid thus invoking the "On Web Authentication" and "On Web Connection" database methods. In order to tie it all together we must now check each request in either "On Web Authentication" or "On Web Connection" or both. A simple approach for the On Web Connection method could be the following code:

      `
      ` Database method: On Web Connection
      `

    C_TEXT($1;$2;$3;$4;$5;$6)
    C_TEXT(WebFolder_t;requestedFile_t)


    WebFolder_t:=Get 4D folder(Database Folder )+"web"
      ` This is the actual root folder for your html files
      ` I used a folder named "web" placed next to the structure
      ` NOTE: this folder must be different than what is selected
      ` as the HTML Root Folder in the Preferences, also the HTML
      ` Root Folder (from preferences) should be empty

    requestedFile_t:=WebFolder_t+(Replace string($1;"/";"\\"))
      ` This the path to the document being requested on the local file system
      ` NOTE: the "Replace string" command above is replacing
      ` the path delimiter for Windows, Macintosh should use : instead of \\


    If ((Test path name(requestedFile_t)=1))
        ` A file exists at the location requestedFile_t refers to
        `
        ` NOTE:
        ` if you wanted to, you can do additional checks on the file
        ` or path to filter out unwanted strings/urls in this section of code.
        `
        ` For this example, i am just sending the file if it exists

       C_BLOB(theBlob)
       DOCUMENT TO BLOB(requestedFile_t;theBlob)
       SEND HTML BLOB(theBlob;"text/html")
       ` file exists so send it


    Else
        ` file does not exist at the location (could be a folder)

      SEND HTML TEXT("404")
        ` Handle the 404 error
        ` NOTE: you can handle the 404 differently, this is just a quick example.

    End if

The developer should be able to expand on the above code to add further checks and customization to how 4D's web server responds to web requests.

See Also:
Commented by Timothy Penner on July 16, 2009 at 6:06 PM
If you need to send non-html files please check out the following wrapper to SEND HTML BLOB: http://kb.4d.com/search/assetid=75828
Commented by Atanas Atanassov on June 12, 2009 at 11:38 AM
You do not need to create the "webdecoy" folder, just type something(or leave it blank) into Defaul HTML Root: in the Preferences, Web theme and this will trigger the On Web Authentication database method.
Commented by Thomas Fitch on June 8, 2009 at 11:16 AM
The Web Decoy folder idea can be useful for a lot more than HTTPS. It basically lets you programmatically manage your web pages instead of using static web pages in the Web Folder. A lot of the time you will want to use a mix of the two strategies: some static webpages in the Web Folder and some dynamically built content using resources in the Web Decoy folder.