NetBurner 3.5.6
HTTPS Web Server Demo

The HTTP_ACCESS CheckHttpAccess(int sock, int access_level, HTTP_Request &Req) function authorizes each web page request. It allows access or redirects, depending on the requested file and its access rights.

SSL/TLS Web Server Demo

A NetBurner embedded web server application demonstrating secure HTTPS and non-secure HTTP access controls with SSL/TLS certificate authentication.

Overview

This application creates a dual-protocol web server that serves content over both HTTP (port 80) and HTTPS (port 443). It implements access control mechanisms to restrict certain content to secure connections only, demonstrating how to build embedded web applications with security-conscious file serving.

Features

  • Dual Protocol Support: Serves content over both HTTP and HTTPS
  • Access Control: Implements file-level security restrictions
  • SSL/TLS Authentication: Uses embedded certificates for secure connections
  • Dynamic Content: Provides callback functions for server-side processing
  • Automatic Redirection: Handles unauthorized access attempts gracefully

Directory Structure

html
|-- index.html          # Public page (HTTP/HTTPS accessible)
|-- images              # Image directory (HTTP/HTTPS accessible)
|   |-- SSL-Good.gif    # Displayed for HTTPS connections
|   |-- SSL-Bad.gif     # Displayed for HTTP connections
|   |-- Other misc images
|-- httpsdir            # Secure directory (HTTPS only)
    |-- repeat.html     # Secure page requiring SSL/TLS

Access Control System

The application implements a two-tier access control system:

Access Level 0 (Public)

  • Files: index.html, content in images/ directory
  • Access: Available via both HTTP and HTTPS
  • Authentication: None required

Access Level 1 (Secure)

  • Files: Content in httpsdir/ directory (e.g., repeat.html)
  • Access: HTTPS connections only
  • Authentication: Valid SSL/TLS connection required
  • Behavior: HTTP requests return HTTP_FORBIDDEN status

Core Components

Main Application (main.cpp)

Key Functions:

  • UserMain(): Application entry point, initializes network stack and starts web server
  • CheckHttpAccess(): Custom access control function that overrides system defaults
  • DoCounter(): Demonstrates server-side content generation for SSL connections
  • SSL_Image(): Returns different images based on connection security
  • GetHost() / ShowHost(): Host header parsing utilities
  • HTTPS_Ref() / HTTP_Ref(): Generate protocol-specific URL references

Network Initialization:

  • Waits for DHCP address assignment (5-second timeout)
  • Starts web server on default ports (80 for HTTP, 443 for HTTPS)
  • Enables system diagnostics for debugging

Security Certificates

Server Certificate (ServerCert.cpp)

  • Contains embedded SSL/TLS certificate data
  • 672-byte PEM-encoded certificate
  • Used for HTTPS connection authentication

Private Key (ServerKey.cpp)

  • Contains embedded private key data
  • 310-byte PEM-encoded EC private key
  • Used for SSL/TLS handshake and encryption

How It Works

  1. Server Startup: Application initializes network stack and starts dual-protocol web server
  2. Connection Handling: Server accepts both HTTP and HTTPS connections
  3. Access Control: CheckHttpAccess() function evaluates each request:
    • Level 0: Grants access regardless of protocol
    • Level 1: Requires SSL/TLS connection (IsSSLfd() check)
  4. Content Serving:
    • Public content served over any protocol
    • Secure content only served over HTTPS
    • Dynamic content generated via callback functions
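The access decision from step 3, as an added host-side model that can be unit-tested off the device; it is not the demo's main.cpp or NetBurner library code. HTTP_Request, the enum definition, HTTP_OK_TO_SERVE, g_tlsSockets, SiteFile, kSite and Reachable() are stand-ins assumed for this example, and denying levels other than 0 and 1 over plain HTTP is an added fail-closed assumption.

```cpp
// Host-side model of the demo's access policy; NOT NetBurner source code.
// Stand-ins (assumptions): HTTP_Request, the enum layout, HTTP_OK_TO_SERVE,
// and the fd bookkeeping behind IsSSLfd(). On the device these come from
// the NetBurner headers.
#include <cstdio>
#include <set>
#include <string>
#include <vector>

enum HTTP_ACCESS { HTTP_OK_TO_SERVE, HTTP_FORBIDDEN };
struct HTTP_Request { std::string url; };

static std::set<int> g_tlsSockets;            // sockets accepted on the HTTPS listener
bool IsSSLfd(int sock) { return g_tlsSockets.count(sock) != 0; }

// Level 0 is public. Every other level, including values the demo never
// assigns, requires TLS, so an unexpected level fails closed over HTTP.
HTTP_ACCESS CheckHttpAccess(int sock, int access_level, HTTP_Request &Req)
{
    (void)Req;                                // decision uses only level and transport
    if (access_level == 0) return HTTP_OK_TO_SERVE;
    return IsSSLfd(sock) ? HTTP_OK_TO_SERVE : HTTP_FORBIDDEN;
}

struct SiteFile { std::string path; int level; };

// Files and levels taken from the page's directory listing.
const std::vector<SiteFile> kSite = {
    {"/index.html", 0},
    {"/images/SSL-Good.gif", 0},
    {"/images/SSL-Bad.gif", 0},
    {"/httpsdir/repeat.html", 1},
};

// Audit helper: every path the policy would serve on the given socket.
std::vector<std::string> Reachable(int sock)
{
    std::vector<std::string> out;
    for (const SiteFile &f : kSite) {
        HTTP_Request req{f.path};
        if (CheckHttpAccess(sock, f.level, req) == HTTP_OK_TO_SERVE) out.push_back(f.path);
    }
    return out;
}

int main()
{
    g_tlsSockets.insert(7);                   // constructed: fd 7 is HTTPS, fd 5 is HTTP
    std::printf("HTTP: %zu files, HTTPS: %zu files\n", Reachable(5).size(), Reachable(7).size());
    return 0;
}
```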

Security Features

  • Protocol Enforcement: Secure directories reject non-SSL connections
  • Certificate-Based Authentication: Uses embedded certificates for identity verification
  • Graceful Degradation: Non-secure requests to secure content return proper HTTP error codes
  • Dynamic Security Indicators: Different visual feedback based on connection security

Network Configuration

  • DHCP: Automatically obtains IP address via DHCP
  • Ports:
    • HTTP: 80 (configurable)
    • HTTPS: 443 (configurable)
  • Protocols: HTTP/1.1, HTTPS with SSL/TLS

Usage Example

  1. Deploy application to NetBurner device
  2. Connect device to network (DHCP-enabled)
  3. Access public content:
  4. Access secure content:

Customization

To modify access control:

  1. Edit CheckHttpAccess() function logic
  2. Adjust access levels in HTML files or .nbaccess files
  3. Modify directory structure as needed
  4. Update certificate/key files for production deployment

Dependencies

  • NetBurner RTOS
  • NetBurner HTTP/HTTPS libraries
  • SSL/TLS crypto libraries
  • Network interface libraries