The question is as simple as the title. I have a webapp (I have no clue as to what technology it was built on or what appserver it is running on). However, I do know that this webapp is being served by an Apache Server / IIS Server / IBM HTTP Server. Now, I would like to have a plugin / module / add-on at the web-server end, which would parse/truncate/cut/regex the HTTP response (based on the requested URL's pattern), and mask (encrypt/shuffle/substitute) a set of fields in this response based on different parameters (user's LDAP permissions in the intranet / user's geo-location if on the internet, etc.) and send the altered response back to the user.

So, is there an easy answer to creating such plugins/modules/add-ons? How feasible is this approach of creating extra software at the webserver, when you want to mask sensitive information in a webapp without modifying the web-app code? Are there any tools that help you do this for Apache?

And, finally, is this just a really crazy thing to try?!

+1  A: 

Each webserver will have its own way of doing so.

There is no universal plugin architecture for webservers.

In IIS you would write an HTTP Handler or HTTP Module, or possibly an ISAPI Filter. You can also directly interact with the HTTP response using the Response object exposed by the HttpContext.

With Apache, there are different modules that can do what you want (mod_headers, for example).

I don't know anything about WebSphere, but I am certain it also has similar mechanisms.

What you are asking is required by most web applications, so would be either built in or very easy to do.

Oded
@Oded what are these different modules?
Jay
I understand that there would be no universal plugin; however, I would like to understand what plugins are available on each of the popular webservers in the market.
Jay
@Jay - Updated answer with some specifics
Oded
@Oded mod_headers can only customize HTTP request and response headers, if I am not wrong. Are there any alternatives for Apache?
Jay
Sorry, no idea.
Oded
+1  A: 

The easiest way is to add a plug-in using the web application container. For example, if it's Tomcat, you can add a filter or valve.

If you want to plug in to the web server, you'd need to write a custom module using the API of whichever web server is being used.

If all else fails, you could always wrap the entire server in a reverse proxy. All requests would go through your proxy and that would give you the opportunity to modify the requests and the responses.

Jeremy Stein
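
The reverse-proxy approach from the answer above, as an added example (not code from either answer or from any web server's API): the function a buffering proxy could call on each upstream response before relaying it. The rule table, group names and URL paths are hypothetical, and the body is assumed to be fully buffered.

```python
import re

# Hypothetical policy: (URL pattern, field pattern, group allowed to see the field).
RULES = [
    (re.compile(r"^/hr/"), re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"), "hr-admins"),
    (re.compile(r"^/billing/"), re.compile(rb"\b(?:\d{4}[ -]?){3}(\d{4})\b"), "finance"),
]
TEXT_TYPES = ("text/", "application/json", "application/xml")


class Unmaskable(Exception):
    """A covered response could not be inspected, so it must not be relayed."""


def mask_response(path, user_groups, headers, body):
    """Return (headers, body) with fields masked per RULES for this user.

    headers: dict of upstream response headers; body: bytes.
    """
    active = [field for url, field, group in RULES
              if url.search(path) and group not in user_groups]
    if not active:
        return headers, body  # URL not covered, or user is entitled to the data
    hdrs = {k.lower(): v for k, v in headers.items()}
    if hdrs.get("content-encoding", "identity") != "identity":
        # A regex over gzip bytes matches nothing: refuse rather than leak.
        raise Unmaskable("compressed upstream body")
    if not hdrs.get("content-type", "").startswith(TEXT_TYPES):
        raise Unmaskable("non-text body on a covered URL")
    for field in active:
        body = field.sub(_redact, body)
    hdrs["content-length"] = str(len(body))      # recompute, never reuse upstream's
    hdrs.pop("etag", None)                       # upstream validator describes the unmasked body
    hdrs["cache-control"] = "private, no-store"  # masked copy is specific to this user
    return hdrs, body


def _redact(match):
    # Keep the rule's capture group (e.g. last four card digits) if it has one.
    keep = match.group(match.lastindex) if match.lastindex else b""
    return b"*" * (len(match.group(0)) - len(keep)) + keep
```

The same function could sit inside a Tomcat filter or a web-server module; the points that carry over are failing closed on bodies that cannot be inspected and keeping the per-user masked copy out of shared caches.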